Excellent, that's exactly what I needed to know, thank you!
I've removed the pwdPolicy entries from my system accounts and assigned them the cn=NoPasswordPolicy pwdPolicySubentry instead, thanks again!
-Michael Proto
On Wed, Jun 19, 2013 at 5:43 PM, Michael Ströder michael@stroeder.comwrote:
Michael Proto wrote:
I'm currently seeing an issue with slapo-ppolicy and individual account overrides not being respected. [..] What I've done in the interim is create a new ppolicy container with no expiration and assigned my system account's pwdPolicySubentry attribute
to
that:
# NoPasswordPolicy, Policies, domain dn: cn=NoPasswordPolicy,ou=Policies,dc=domain [..]
That's exactly how you should implement what you want to achieve: Use pwdPolicySubentry instead of attaching pwdPolicy attrs to the entry itself.
Ciao, Michael.