[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: multiple password policies?

On Tuesday 04 December 2007 01:35:57 R.B. wrote:
> Hi;
> After reading some ppolicy HOWTOs, I've seen the following line in the
> slapd.conf file to assign a default password policy to users.
> slapd.conf file contains:
> `ppolicy_default "cn=default,ou=policies,dc=example,dc=com"`
> So I imagine this is used as the default policy for all users since
> it's defined globally.
> If I have several OUs that define users, groups, etc… how would I
> implement a password policy per user/group?
> For my setup, I would conceivably have:
> cn=swa-ppolicy,ou=ppolicies,dc=example,dc=com
> and
> cn=pse-ppolicy,ou=ppolicies,dc=example,dc=com
> ...and so on as I need policies in my directory.
> How can I apply these per group or user? Would I add a field to my
> posix[User|Group] schema?

Per-user, by setting the pwdPolicySubentry attribute on the entry for the 
user, as documented in slapo-ppolicy(5).