Can someone verify this is correct.   I seem to be able to use pwdAttribute with the only acceptable value of userPassword.

Thanks
sellers

On Feb 29, 2008, at 10:54 AM, Chris Shenton wrote:

On Feb 23, 2008, at 3:11 AM, Dieter Kluenter wrote:

Chris Shenton <chris.shenton@nasa.gov> writes:

I'm running 2.3.39 and using ppolicy to enforce our password
policy. Got an LDIF file:

dn: cn=npg2810,ou=policies,dc=nasascience,dc=nasa,dc=gov
cn: npg2810
objectClass: top
objectClass: pwdPolicy
objectClass: organizationalRole
objectClass: pwdPolicyChecker
description: OpenLDAP ppolicy to implement NPG2810-like restrictions
pwdAttribute:                   userPassword

pwdAttribute value should contain the OID of attribute type userpassword,
which is 2.5.4.35

Thanks, that got me going.  I could swear I used "userPassword" in a previous version of OpenLDAP.

Perhaps the docs and LDIF file should mention that you need to use the OID rather than the name?
Both the man page for slapo-ppolicy and draft-behera-ldap-password-policy-xx.txt say "userPassword".

Thanks.


______________________________________________
Chris G. Sellers | NITLE  - Technology Team
AIM: imthewherd | GoogleTalk: cgseller@gmail.com