Thanks Michael;
I am using OpenLDAP v 2.4.43 Yes, the policy schema is loaded Yes, the overlay is active in the olcDatabase={1}bdb # {0}ppolicy, {1}bdb, config dn: olcOverlay={0}ppolicy,olcDatabase={1}bdb,cn=config objectClass: olcOverlayConfig objectClass: olcPPolicyConfig olcOverlay: {0}ppolicy olcPPolicyDefault: cn=default,ou=pwpolicies,dc=example,dc=ldap olcPPolicyHashCleartext: FALSE olcPPolicyUseLockout: FALSE olcPPolicyForwardUpdates: FALSE
John D. Borresen (Dave) Ph: (781) 981-1609 Email: john.borresen@ll.mit.edu
-----Original Message----- From: Michael Ströder [mailto:michael@stroeder.com] Sent: Thursday, December 17, 2015 11:46 AM To: Borresen, John - 0444 - MITLL; openldap-technical Subject: Re: Attribute pwdPolicySubentry
Borresen, John - 0444 - MITLL wrote:
When trying to add the pwdPolicySubentry attribute, I receive the
following:
"According to the schema attribute pwdPolicySubentry is not allowed."
It works for me.
Which component does produce this error message? Which OpenLDAP version are you using? Did you add the ppolicy schema? Did you active slapo-ppolicy in the database (section)?
First, can someone explain the meaning of #2. The way, that I read that
is
that if the "pwdPolicySubentry" is not available, and the policy was created.then the policy is applied. Is that correct?
Yes, the policy in the pwdPolicy entry referenced by ppolicy_default is applied if you don't specify a specific pwdPolicy entry in attribute 'pwdPolicySubentry'.
Ciao, Michael.