
Re: [ldapext] password policy: exclude (or exempt) user from policy



On Jul 5, 2010, at 1:31 PM, Howard Chu wrote:

> Kurt Zeilenga wrote:
>> It is desirable to have a mechanism to exclude (or exempt) a user from the
>> policy.  For instance, it's nasty for various accounts associated with
>> application entities (as opposed to humans) to be locked out.
>> 
>> In the Isode implementation, we have an operational single-valued
>> attribute, pwdExclude, which if present in the user's entry and has the
>> boolean value TRUE exempts the user from all password policy enforcement.
>> 
>> It would be good to add something like this to the spec.
> 
> That sounds backward to me.

It's modeled after collective attribute exclusions.

> You should just define a specific policy for those accounts, and turn off everything you don't want enforced in that policy.

That can be a pain depending on how one organizes their account objects.

-- Kurt

_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www.ietf.org/mailman/listinfo/ldapext