Gustavo Mendes de Carvalho wrote:
2008/4/28 Michael Ströder michael@stroeder.com:
Gustavo Mendes de Carvalho wrote:
According to man 5 slapo-ppolicy and the OpenLDAP site docs, in attribute pwdAttribute I have to input the value userPassword, but this attribute does not support strings (according to my tries), so I inserted the corresponding userPassword OID (1.3.6.1.4.1.1466.115.121.1.40)
1.3.6.1.4.1.1466.115.121.1.40 is not the correct OID here. It identifies the LDAP syntax 'Octet String' which is used for attribute type 'userPassword'.
The correct OID for attribute type 'userPassword' to be put in 'pwdAttribute' is 2.5.4.35.
Yes, you are right, but my main question is: what value do I have to set up in pwdAttribute when configuring some user, if I choose to use password policy?
I'm not sure I understand your question.
Mainly you'll add entries for specifying possibly different password policies. AFAIK for OpenLDAP's ppolicy implementation only pwdAttribute: 2.5.4.35 is valid in these entries.
You can then
1. define a default password policy entry in slapd.conf and
2. you can specify which password policy is applied to a certain entry by adding attribute 'pwdPolicySubentry' to the user's entry which contains the DN of the required password policy entry.
Ciao, Michael.
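
Added example, not part of the original message or of the OpenLDAP documentation: the two steps described above written as LDIF for ldapmodify, with the slapd.conf directives shown as comments. The suffix dc=example,dc=com, the entry names (cn=default, cn=admins, uid=jdoe), the schema path and all policy values are constructed placeholders.

```ldif
# Step 1, slapd.conf side (not LDIF, so shown as comments).
# The schema include applies to releases that ship ppolicy.schema;
# moduleload is only needed when the overlay is built as a module.
#   include     /etc/openldap/schema/ppolicy.schema
#   moduleload  ppolicy.la
#   overlay     ppolicy
#   ppolicy_default "cn=default,ou=policies,dc=example,dc=com"

# Container for the policy entries.
dn: ou=policies,dc=example,dc=com
changetype: add
objectClass: organizationalUnit
ou: policies

# Default policy, referenced by ppolicy_default above.
# pwdPolicy is an auxiliary class, so a structural class (device) is added.
# pwdAttribute carries the OID of attribute type userPassword (2.5.4.35),
# not the Octet String syntax OID 1.3.6.1.4.1.1466.115.121.1.40.
dn: cn=default,ou=policies,dc=example,dc=com
changetype: add
objectClass: device
objectClass: pwdPolicy
cn: default
pwdAttribute: 2.5.4.35
pwdMinLength: 12
pwdInHistory: 5
pwdLockout: TRUE
pwdMaxFailure: 5
pwdLockoutDuration: 900

# A second, stricter policy for selected accounts.
# pwdLockoutDuration 0 keeps the account locked until an administrator resets it.
dn: cn=admins,ou=policies,dc=example,dc=com
changetype: add
objectClass: device
objectClass: pwdPolicy
cn: admins
pwdAttribute: 2.5.4.35
pwdMinLength: 16
pwdLockout: TRUE
pwdMaxFailure: 3
pwdLockoutDuration: 0

# Step 2: bind one user entry to the stricter policy.
# Entries without pwdPolicySubentry fall back to the default policy.
dn: uid=jdoe,ou=people,dc=example,dc=com
changetype: modify
add: pwdPolicySubentry
pwdPolicySubentry: cn=admins,ou=policies,dc=example,dc=com
```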