As far as I know you can only set it by person.  By adding the pwdPolicySubentry object to the person and have it's value equal the dn of the policy you want to enforce upon it.  If it is possible by group, I'd like to know.

Adam

On Thu, Jun 12, 2008 at 9:49 AM, Andy Loughran <andy@zrmt.com> wrote:
When ppolicy is set as default, it applies globally to the entire LDAP tree:

dn: cn=default,ou=policies,dc=zednax,dc=com

Is it possible to set the ppolicy by group?

Regards,

Andy



--
Adam Leach
BS Computer/Electrical Engineering
West Virginia University
System Administrator - Raytheon
(304)677-4455