I’ve been reading the Password Policy section of the Admin Guide. I am currently at this portion of the setup (the default policy is set up):

You can create additional policy objects as needed.

There are two ways password policy can be applied to individual objects:

1. The pwdPolicySubentry in a user's object - If a user's object has a pwdPolicySubEntry attribute specifying the DN of a policy object, then the policy defined by that object is applied.

2. Default password policy - If there is no specific pwdPolicySubentry set for an object, and the password policy module was configured with the DN of a default policy object and if that object exists, then the policy defined in that object is applied.

When trying to add the pwdPolicySubentry attribute, I receive the following:

“According to the schema attribute pwdPolicySubentry is not allowed.”

First, can someone explain the meaning of #2? The way that I read that is that if the “pwdPolicySubentry” is not available, and the policy was created…then the policy is applied. Is that correct?

My policy looks like:

dn: cn=default,ou=pwpolicies,dc=example,dc=ldap
objectClass: top
objectClass: organizationalRole
objectClass: pwdPolicy
cn: default
pwdAttribute: 2.5.4.35
pwdAllowUserChange: TRUE
pwdExpireWarning: 14
pwdLockout: TRUE
pwdLockoutDuration: 300
pwdMaxAge: 15552000
pwdMaxFailure: 5
pwdFailureCountInterval: 0
pwdMinAge: 1
pwdMinLength: 9
pwdMustChange: TRUE

Thanks in advance.

John D. Borresen (Dave)
Linux/Unix Systems Administrator
MIT Lincoln Laboratory
Humanitarian Assistance and Disaster Relief (HADR) Systems
244 Wood St
Lexington, MA 02420
Email: john.borresen@ll.mit.edu
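The two selection rules quoted from the Admin Guide in the message above, as an added Python example that is not part of the original message or of the directory server's own code. The function names, the two user entries and the "strict" policy DN are hypothetical; the policy values are taken from the posted LDIF, and the time-valued attributes are read as seconds.

```python
# Added example; user entries and the "strict" policy DN are constructed/hypothetical.
POLICY_LDIF = """\
dn: cn=default,ou=pwpolicies,dc=example,dc=ldap
objectClass: pwdPolicy
cn: default
pwdAttribute: 2.5.4.35
pwdExpireWarning: 14
pwdLockoutDuration: 300
pwdMaxAge: 15552000
pwdMinAge: 1
"""
# Time-valued policy attributes are counted in seconds.
SECONDS_ATTRS = ("pwdMaxAge", "pwdMinAge", "pwdExpireWarning", "pwdLockoutDuration")

def parse_ldif_entry(text):
    """Parse one simple LDIF entry (no folding, no base64) into {attr: [values]}."""
    entry = {}
    for line in text.strip().splitlines():
        name, _, value = line.partition(":")
        entry.setdefault(name.strip(), []).append(value.strip())
    return entry

def effective_policy(user, directory, default_dn=None):
    """Return (policy_dn, reason) following the two rules in the quoted text."""
    explicit = user.get("pwdPolicySubentry")
    if explicit:  # rule 1: a policy DN on the entry itself takes precedence
        return explicit[0], "pwdPolicySubentry"
    # rule 2: a default DN must be configured AND the object must exist
    if default_dn and default_dn.lower() in directory:
        return default_dn, "default"
    return None, "no policy"

def in_seconds(policy):
    """Map each time-valued attribute present in the policy to its integer seconds."""
    return {a: int(policy[a][0]) for a in SECONDS_ATTRS if a in policy}

default = parse_ldif_entry(POLICY_LDIF)
DEFAULT_DN = default["dn"][0]
directory = {DEFAULT_DN.lower(): default}
jdoe = {"dn": ["uid=jdoe,ou=people,dc=example,dc=ldap"]}
asmith = {"dn": ["uid=asmith,ou=people,dc=example,dc=ldap"],
          "pwdPolicySubentry": ["cn=strict,ou=pwpolicies,dc=example,dc=ldap"]}

if __name__ == "__main__":
    for user in (jdoe, asmith):
        print(user["dn"][0], "->", effective_policy(user, directory, DEFAULT_DN))
    for attr, secs in in_seconds(default).items():
        print(f"{attr}: {secs} s = {secs / 86400:.4f} days")
```

Run directly, it prints the policy chosen for each sample entry and each time value converted to days, which makes it easy to see that pwdMaxAge is 180 days while pwdExpireWarning is 14 seconds.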