[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4025) Ppolicy overlay: objectIdentifierMatch rule doesn't understand descriptions

Samuel Tran wrote:
> On Wed, 2005-09-28 at 08:25 -0700, Howard Chu wrote: 
>> I think it may help to see your slapd.conf at this point.
> Howard,
> My apologies, I have several test servers and I forgot to add the
> following lines to my slapd.conf on the test server I am working on:
> overlay ppolicy
> ppolicy_default "cn=StdPwd,ou=Policies,dc=amnh,dc=org"
> ppolicy_use_lockout
> Now it is working as expected.
> Why is it required to specify the overlay in slapd.conf in order to use
> the pwdPolicy objectClass?
You can use the objectClass in general, just by loading the schema file. 
But the code patch that changes the behavior of the pwdAttribute 
attributeType resides in the ppolicy overlay. If you don't use the 
overlay, the patch does not take effect. It wasn't clear to me that it 
was a good idea to change the objectIdentifier syntax behavior for all 
of slapd, so the patch is specific to the pwdAttribute attributeType. It 
may be a topic for discussion on -devel, whether a global change is more 

  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/