
RE: [ldapext] Re: Password policy state attributes



Jim,

Jim Sermersheim wrote:
> A group of people interested in progressing the password 
> policy draft has been growing and exchanging emails off list. 
> We're moving discussion here so we have a list and a wider audience.
...
> Then the suggestion of moving the attribute association 
> inside the value was put forth say something like 
> "webPassword#200210240212Z". This requires new syntaxes which 
> some implementors don't like, but worse: 1) It doesn't allow 
> the attributes to be defined as single-value. 2) It doesn't 
> allow the server to enforce uniqueness among the values.

If the syntax is designed so that the first component is an
OBJECT IDENTIFIER (the password attribute type to which the
policy applies), then the objectIdentifierFirstComponentMatch can
be used as the equality matching rule and the server will enforce
the requirement of no more than one set of policy parameters
per password attribute type.

> 3) 
> It doesn't allow the replace operation (where replace would 
> work with single-valued attributes).

An aggregate syntax won't help with 3).

Regards,
Steven
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext
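
Added example, not part of the original message or of the password policy draft: a small Python model of the behaviour described in the reply, where the equality rule compares only the leading OBJECT IDENTIFIER of each value, so a second value for the same password attribute type is rejected, while a replace still swaps the whole value set. The value layout `( <oid> <timestamp> )`, the `StateAttribute` class, and the OID used for `webPassword` are assumptions made for illustration.

```python
import re

# Assumed layout "( <numeric-oid> <timestamp> )"; the thread does not fix a syntax.
VALUE_RE = re.compile(r"^\(\s*(\d+(?:\.\d+)+)\s+(\S+)\s*\)$")

USER_PASSWORD = "2.5.4.35"            # userPassword attribute type
WEB_PASSWORD = "1.3.6.1.4.1.99999.1"  # constructed OID for a hypothetical webPassword


class AttributeOrValueExists(Exception):
    """Stands in for the LDAP result code of the same name."""


def first_component(value):
    """Return the leading OID, the only part the equality rule looks at."""
    m = VALUE_RE.match(value.strip())
    if m is None:
        raise ValueError("not a valid state value: %r" % value)
    return m.group(1)


class StateAttribute:
    """Multi-valued attribute whose equality rule compares only the first OID."""

    def __init__(self):
        self.values = []

    def add(self, value):
        oid = first_component(value)
        # Two values are "equal" when their OIDs match, whatever the timestamp.
        if any(first_component(v) == oid for v in self.values):
            raise AttributeOrValueExists(oid)
        self.values.append(value)

    def delete(self, value):
        # Simplification: the value to delete is located by the same rule.
        oid = first_component(value)
        kept = [v for v in self.values if first_component(v) != oid]
        removed = len(kept) != len(self.values)
        self.values = kept
        return removed

    def replace(self, new_values):
        # LDAP replace swaps the entire value set of the attribute, so state
        # for password types not named in new_values is discarded.
        fresh = StateAttribute()
        for v in new_values:
            fresh.add(v)
        self.values = fresh.values
```

Updating the state for one password type without touching the others therefore takes a `delete` followed by an `add`, not a `replace`.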