Windl, Ulrich wrote:
Hi!
I just discovered a problem (reading man slapo-ppolicy in old 2.4 OpenLDAP):
It seems one can configure a default policy, but it cannot be queried.
At least https://serverfault.com/a/644658/407952 suggests that, and after reading man slapo-ppolicy I did not find something different.
Why isn't there some olc attribute for it?
There is, of course.
So far we did not set the default policy, but assigned one to each user.
However I wanted to write a utility that would evaluate the changes if a default password policy were added.
For obvious reasons I don't want to hard-code the policy name into the utility, and the utility may run on any server, not just LDAP-Servers to query them.
However digging in the configs, I found in dn: olcOverlay={2}ppolicy,olcDatabase={1}hdb,cn=config the attribute olcPPolicyDefault, wondering why it isn't documented.
As with all config schema, it is self-documenting.
olcAttributeTypes: ( OLcfgOvAt:12.1 NAME 'olcPPolicyDefault' DESC 'DN of a pwdPolicy object for uncustomized objects' EQUALITY distinguishedNameMatch SYNTAX OMsDN SINGLE-VALUE )
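An added example, not part of the original thread: a small Python parser that reads LDIF text exported from cn=config, undoes LDIF line folding, and returns both the DESC of a config attribute and the default policy DN set on each ppolicy overlay, so a utility need not hard-code the policy name. The sample LDIF and the policy DN in it are constructed; base64 (`attr::`) values are not decoded.

```python
import re

# Constructed sample of folded LDIF (as slapcat/ldapsearch emit it). The schema
# value is the one quoted in the thread; the policy DN is a made-up placeholder.
SAMPLE = """\
dn: cn=schema,cn=config
olcAttributeTypes: ( OLcfgOvAt:12.1 NAME 'olcPPolicyDefault' DESC 'DN of a pwd
 Policy object for uncustomized objects' EQUALITY distinguishedNameMatch SYNTA
 X OMsDN SINGLE-VALUE )

dn: olcOverlay={2}ppolicy,olcDatabase={1}hdb,cn=config
objectClass: olcPPolicyConfig
olcPPolicyDefault: cn=default,ou=policies,dc=example,dc=com
"""

def entries(ldif):
    """Yield (dn, {attr: [values]}) per entry, undoing RFC 2849 line folding."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]      # continuation: drop exactly one space
        else:
            lines.append(raw)
    dn, attrs = None, {}
    for line in lines + [""]:         # trailing "" flushes the last entry
        if not line:
            if dn is not None:
                yield dn, attrs
            dn, attrs = None, {}
        elif line.startswith("dn: "):
            dn = line[4:]
        else:
            name, _, value = line.partition(": ")
            attrs.setdefault(name, []).append(value)

def describe(ldif, attr):
    """Return the DESC text of a config attribute type, or None if not defined."""
    pat = re.compile(r"NAME '%s' .*?DESC '([^']*)'" % re.escape(attr))
    for _dn, attrs in entries(ldif):
        for definition in attrs.get("olcAttributeTypes", []):
            match = pat.search(definition)
            if match:
                return match.group(1)
    return None

def default_policies(ldif):
    """Map each ppolicy overlay entry DN to its olcPPolicyDefault (None if unset)."""
    return {dn: attrs.get("olcPPolicyDefault", [None])[0]
            for dn, attrs in entries(ldif)
            if "olcPPolicyConfig" in attrs.get("objectClass", [])}
```

An overlay entry that maps to `None` has no default policy configured, which is the case the utility described in the thread wants to evaluate before a default is added.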