Kurt Zeilenga wrote:
It is desirable to have a mechanism to exclude (or exempt) a user from the policy. For instance, it's nasty for various accounts associated with application entities (as opposed to humans) to be locked out. In the Isode implementation, we have an operational single-valued attribute, pwdExclude, which if present in the user's entry and has the boolean value TRUE exempts the user from all password policy enforcement. It would be good to add something like this to the spec.
That sounds backward to me. You should just define a specific policy for those accounts, and turn off everything you don't want enforced in that policy.
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ _______________________________________________ Ldapext mailing list Ldapext@ietf.org https://www.ietf.org/mailman/listinfo/ldapext