|
>>> "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> 9/2/05 2:38:37 pm >>>
>At 04:07 AM 9/2/2005, Ludovic Poitou wrote: >>>I have the same concern with pwdPolicySubentry, which seems to me to require manual setting. (For all the other non-modifiable attributes, >they have clearly defined automated behaviors, so there's no issue there.) >>In our implementation the pwdPolicySubentry can be set via our implementation of collective attribute, or manually... >>But I would expect some servers to have the attribute fully handled by the server. > >In the X.500 Admin Model, the entries controlled by a specific >subentry (holding collective, schema, password, etc. policy) >is controlled by the subtree specification associated with that >subentry. Operational attributes which hold values referencing >which subentry is holding the controlling policy in each >controlled entry are maintained by the server through the >subtree specification, hence these attributes should not >be user modifiable. > >While some servers don't follow the X.500 Admin Models, I >think all standardized policies should be designed and >specified to be consistent with the standardized admin >models. I agree. Perhaps the specification needs to be more clear that the value of a pwdPolicySubentry attribute is determined by the subtree specification of the governing password policy subentry. On the other hand, I dislike re-describing the nature of things already discussed in other specifications.
|
_______________________________________________ Ldapext mailing list Ldapext@ietf.org https://www1.ietf.org/mailman/listinfo/ldapext