Hello,
"pwdPolicySubentry" is an operational attribute per slapo-ppolicy(5). I was able to add it quite easily, but I can't seem to delete it so an account goes back to using the default policy:
$ ldapsearch -H ldap://master -W -D 'cn=admin,dc=example,dc=com' -b 'dc=example,dc=com' '(uid=dmagda)' + Enter LDAP Password: # dmagda, People, example.com dn: uid=dmagda,ou=People,dc=example,dc=com structuralObjectClass: inetOrgPerson entryUUID: 1b0d0b6c-1115-1030-8396-1ba5239e5e7d creatorsName: cn=admin,dc=example,dc=com createTimestamp: 20110512185510Z pwdPolicySubentry: cn=service,ou=pwpolicies,dc=example,dc=com entryCSN: 20150602173051.854144Z#000000#000#000000 modifiersName: cn=admin,dc=example,dc=com modifyTimestamp: 20150602173051Z entryDN: uid=dmagda,ou=People,dc=example,dc=com subschemaSubentry: cn=Subschema hasSubordinates: FALSE
$ cat del.ldif dn: uid=dmagda,ou=People,dc=example,dc=com changetype: modify delete: pwdPolicySubentry
$ ldapsearch -H ldap://master -W -D 'cn=admin,dc=example,dc=com' -f del.ldif Enter LDAP Password: [...] # search result search: 2 result: 32 No such object
Given that I could add the attribute, was thought that it could be deleted as well.
Thanks for any info.
Regards, David