On Feb 23, 2008, at 3:11 AM, Dieter Kluenter wrote:
Chris Shenton chris.shenton@nasa.gov writes:
I'm running 2.3.39 and using ppolicy to enforce our password policy. Got an LDIF file:
dn: cn=npg2810,ou=policies,dc=nasascience,dc=nasa,dc=gov cn: npg2810 objectClass: top objectClass: pwdPolicy objectClass: organizationalRole objectClass: pwdPolicyChecker description: OpenLDAP ppolicy to implement NPG2810-like restrictions pwdAttribute: userPassword
pwdAttribute value should contain the OID of attribute type userpassword, which is 2.5.4.35
Thanks, that got me going. I could swear I used "userPassword" in a previous version of OpenLDAP.
Perhaps the docs and LDIF file should mention that you need to use the OID rather than the name? Both the man page for slapo-ppolicy and draft-behera-ldap-password- policy-xx.txt say "userPassword".
Thanks.