I've been reading the Password Policy section of the Admin Guide. I am currently at this portion of the setup (the default policy is set up)
You can create additional policy objects as needed.
There are two ways password policy can be applied to individual objects:
1. The pwdPolicySubentry in a user's object - If a user's object has a pwdPolicySubEntry attribute specifying the DN of a policy object, then the policy defined by that object is applied.
2. Default password policy - If there is no specific pwdPolicySubentry set for an object, and the password policy module was configured with the DN of a default policy object and if that object exists, then the policy defined in that object is applied.
When trying to add the pwdPolicySubentry attribute, I receive the following: "According to the schema attribute pwdPolicySubentry is not allowed."
First, can someone explain the meaning of #2. The way, that I read that is that if the "pwdPolicySubentry" is not available, and the policy was created.then the policy is applied. Is that correct?
My policy looks like:
dn: cn=default,ou=pwpolicies,dc=example,dc=ldap
objectClass: top
objectClass: organizationalRole
objectClass: pwdPolicy
cn: default
pwdAttribute: 2.5.4.35
pwdAllowUserChange: TRUE
pwdExpireWarning: 14
pwdLockout: TRUE
pwdLockoutDuration: 300
pwdMaxAge: 15552000
pwdMaxFailure: 5
pwdFailureCountInterval: 0
pwdMinAge: 1
pwdMinLength: 9
pwdMustChange: TRUE
Thanks in advance.
John D. Borresen (Dave)
Linux/Unix Systems Administrator
MIT Lincoln Laboratory
Humanitarian Assistance and Disaster Relief (HADR) Systems
244 Wood St
Lexington, MA 02420
Email: mailto:john.borresen@ll.mit.edu john.borresen@ll.mit.edu