Andreas Hasenack <ahasenack(a)terra.com.br> writes:
On Wed, Jul 11, 2007 at 04:30:00PM +0200, Dieter Kluenter wrote:
> Hi,
> I am using ppolicy overlay control password policy. Now I would like
> to define 3 different policies as policyDN.
> In slapd.conf one can only define a defaultDN, how can a policyDN
> declared in an entry? Or is editing the operational attribute
> pwdPolicySubentray with relax control the only way?
You just set pwdPolicySubentry of the entry to the DN of the policy you
want to enforce for that particular entry. What do you mean by "relax
control"?
The attribute is a operational attribute with NO-USER-Modification,
( 1.3.6.1.4.1.42.2.27.8.1.23
NAME 'pwdPolicySubentry'
DESC 'The pwdPolicy subentry in effect for
this object'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE
NO-USER-MODIFICATION
USAGE directoryOperation)
for relax see draft-zeilenga-ldap-relax.txt
Relax in fact replaces manageDIT control.
-Dieter
--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6