Dieter Kluenter wrote:
Hi,
Chris Shenton <chris.shenton@nasa.gov> writes:
On Feb 23, 2008, at 3:11 AM, Dieter Kluenter wrote:
Chris Shenton <chris.shenton@nasa.gov> writes:
I'm running 2.3.39 and using ppolicy to enforce our password policy. Got an LDIF file:
[...]
pwdAttribute: userPassword
pwdAttribute value should contain the OID of attribute type userpassword, which is 2.5.4.35
Thanks, that got me going. I could swear I used "userPassword" in a previous version of OpenLDAP.
Yes. That is intended to work; the ppolicy overlay installs a handler to map attribute names to their OIDs so that the main slapd code will recognize them.
Perhaps the docs and LDIF file should mention that you need to use the OID rather than the name? Both the man page for slapo-ppolicy and draft-behera-ldap-password-policy-xx.txt say "userPassword".
The only reference I have at hand right now is my own documentation, but I could swear that the original information had been in some documentation, either man slapo-ppolicy, draft-behera-ldap-password-policy or in ppolicy.c. But someone with more detailed inside knowledge may comment on this issue and clarify.