Andreas Hasenack ahasenack@terra.com.br writes:

On Wed, Jul 11, 2007 at 04:30:00PM +0200, Dieter Kluenter wrote:

...

Hi, I am using ppolicy overlay control password policy. Now I would like to define 3 different policies as policyDN. In slapd.conf one can only define a defaultDN, how can a policyDN declared in an entry? Or is editing the operational attribute pwdPolicySubentray with relax control the only way?

You just set pwdPolicySubentry of the entry to the DN of the policy you want to enforce for that particular entry. What do you mean by "relax control"?

The attribute is a operational attribute with NO-USER-Modification,

( 1.3.6.1.4.1.42.2.27.8.1.23 NAME 'pwdPolicySubentry' DESC 'The pwdPolicy subentry in effect for this object' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation)

for relax see draft-zeilenga-ldap-relax.txt Relax in fact replaces manageDIT control.

-Dieter