Dieter Kluenter wrote:
Hi,
"Allgood, John" <jallgood@ohl.com> writes:
Hey Guys
I have another question in regards to using ppolicy. I have built my policy into ldap. How do I apply that policy to my existing user objects?
You either create a default rule set in slapd.conf or add a policy subentry to a user entry. Something like
dn: cn=some user,ou=users
cn: some user
objectclass: inetorgPerson
objectclass: pwdPolicy
pwdAttribute: 2.5.4.35
pwdPolicySubentry: cn=users,ou=policies
NO.
Where did you get this idea from?
There is no reason to set "objectclass: pwdPolicy" on the user object. Likewise, pwdAttribute does not belong there.
...
dn: cn=users,ou=policies
cn: users
objectClass: organizationalRole
objectClass: pwdPolicy
pwdAllowUserChange: TRUE
pwdAttribute: 2.5.4.35
pwdCheckQuality: 1
pwdExpireWarning: 86400
pwdGraceAuthNLimit: 2
pwdInHistory: 6
pwdLockout: TRUE
pwdLockoutDuration: 1800
pwdMaxAge: 250000
pwdMaxFailure: 3
-Dieter
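
The placement rule from this thread (pwdPolicySubentry goes on the user entry; objectClass pwdPolicy and pwdAttribute belong only on the policy entry) written as a lint over LDIF. This is an added example, not code from the thread or from OpenLDAP; the sample entries are constructed, an entry is treated as a user when it carries pwdPolicySubentry, and the parser assumes plain LDIF without base64 values or folded lines.

```python
# Constructed sample, trimmed to the attributes the lint reads; DNs follow the thread.
SAMPLE_LDIF = """\
dn: cn=users,ou=policies
objectClass: organizationalRole
objectClass: pwdPolicy
pwdAttribute: 2.5.4.35

dn: cn=some user,ou=users
objectClass: inetOrgPerson
objectClass: pwdPolicy
pwdAttribute: 2.5.4.35
pwdPolicySubentry: cn=users,ou=policies

dn: cn=other user,ou=users
objectClass: inetOrgPerson
pwdPolicySubentry: cn=missing,ou=policies
"""

def parse_ldif(text):
    """Parse simple LDIF into {lowercased dn: {lowercased attr: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        entries[attrs["dn"][0].lower()] = attrs
    return entries

def is_policy(entry):
    return entry is not None and "pwdpolicy" in {c.lower() for c in entry.get("objectclass", [])}

def lint_ppolicy(entries):
    """Return (dn, problem) pairs for user entries that misuse ppolicy attributes."""
    findings = []
    for dn, attrs in entries.items():
        for target in attrs.get("pwdpolicysubentry", []):
            # An entry that points at a policy is a user, not a policy itself.
            if is_policy(attrs):
                findings.append((dn, "objectClass pwdPolicy on user entry"))
            if "pwdattribute" in attrs:
                findings.append((dn, "pwdAttribute on user entry"))
            if not is_policy(entries.get(target.lower())):
                findings.append((dn, "pwdPolicySubentry target is not a pwdPolicy entry"))
    return findings

if __name__ == "__main__":
    for dn, problem in lint_ppolicy(parse_ldif(SAMPLE_LDIF)):
        print(f"{dn}: {problem}")
```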