Gavin,
Ah, so that would suggest that adding a:
pwdPolicySubentry: cn: lesser,ou=ppolicy,dc=example,dc=com
to users of a specific group would allow the entire group to be managed by that particular policy.
Thanks.
Andy
----- Original Message ----- From: "Gavin Henry" ghenry@suretecsystems.com To: "andylockran" andy@zrmt.com Cc: "Adam Leach" adam.m.leach@gmail.com; openldap-software@openldap.org Sent: Tuesday, June 17, 2008 11:18 AM Subject: Re: ppolicy by group
andylockran wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Guys,
Sorry to be a pain, but is there just this one #default ppolicy - and exceptions need to be made on an individual basis?
There's one configurable default:
database bdb suffix dc=example,dc=com overlay ppolicy ppolicy_default cn=Standard,ou=Policies,dc=example,dc=com"
man slapo-ppolicy:
"Every account that should be subject to password policy control should have a pwdPolicySubentry attribute containing the DN of a valid pwdPolicy entry, or they can simply use the configured default. In this way different users may be managed according to different policies."
-- Kind Regards,
Gavin Henry.
T +44 (0) 1224 279484 M +44 (0) 7930 323266 F +44 (0) 1224 824887 E ghenry@suretecsystems.com
Open Source. Open Solutions(tm).
http://www.suretecsystems.com/
Suretec Systems is a limited company registered in Scotland. Registered number: SC258005. Registered office: 13 Whiteley Well Place, Inverurie, Aberdeenshire, AB51 4FP.