Gavin Henry wrote:
man slapo-ppolicy:
"Every account that should be subject to password policy control should have a pwdPolicySubentry attribute containing the DN of a valid pwdPolicy entry, or they can simply use the configured default. In this way different users may be managed according to different policies."
Is it safe to conclude from that that if there is no default policy configured then unless an account has a pwdPolicySubentry containing the DN of a valid pwdPolicy entry it will not be subject to password policy?
Also is it generally safe to configure the policy overlay in a currently running and used openldap server? This would not affect current authentication for example? Having not configured a default, if the above is true, one could by hand switch on the policy by setting pwdPolicySubentry?
Thank you, Jeroen