[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
[ldapext] single-value vs. one value
- To: "'Ludovic Poitou'" <ludovic.poitou@Sun.com>, "'Michael Ströder'" <michael@stroeder.com>, "'Jim Sermersheim'" <jimse@novell.com>
- Subject: [ldapext] single-value vs. one value
- From: "Andrew Sciberras" <andrews@adacel.com.au>
- Date: Fri, 6 Dec 2002 08:45:05 +1100
- Cc: <Kurt@OpenLDAP.org>, <bcheckley@epresence.com>, <ldapext@ietf.org>, <mcs@netscape.com>, "'Alan Clark'" <ACLARK.PRV-3.PROVO@novell.com>, "'Hal Henderson'" <HAL@novell.com>, <jim@willeke.com>, <andrews@adacel.com>
- Importance: Normal
- In-reply-to: <3DEF610F.9030200@Sun.com>
Hi Guys,
Jim, you have stated this in a past email:
> Personally, I'd rather restrict it to single-value attributes.
Michael, you have also stated something similar:
> Personally I'd also like to restrict it to single-value attributes.
And Ludovic, in your last email you have stated that the I-D already imposes
the above restriction.
I think that these posts use the term 'single-value' a little too loosely.
Surely you don't really mean that the password policy can only be applied to
SINGLE VALUE attributes, as this would rule out the userPassword attribute.
In my opinion I think that Section 3.3 of the I-D clearly specifies how the
password policy should be applied to attributes and their values.
>3.3 Restriction of the Password Policy
>
>The password policy defined in this document can apply to any
>attribute containing a password. Password policy state information
>is held in the user's entry, and applies to a password attribute,
>not a particular password attribute value. Thus the server SHOULD
>enforce that the password attribute subject to password policy,
>contains one and only one password value.
Andrew.
_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext