[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ppolicy by group



Gavin,

Ah, so that would suggest that adding a:

pwdPolicySubentry: cn: lesser,ou=ppolicy,dc=example,dc=com

to users of a specific group would allow the entire group to be managed by that particular policy.

Thanks.

Andy


----- Original Message ----- From: "Gavin Henry" <ghenry@suretecsystems.com>
To: "andylockran" <andy@zrmt.com>
Cc: "Adam Leach" <adam.m.leach@gmail.com>; <openldap-software@openldap.org>
Sent: Tuesday, June 17, 2008 11:18 AM
Subject: Re: ppolicy by group



andylockran wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Guys,

Sorry to be a pain, but is there just this one #default ppolicy - and
exceptions need to be made on an individual basis?


There's one configurable default:

database bdb
suffix dc=example,dc=com
overlay ppolicy
ppolicy_default cn=Standard,ou=Policies,dc=example,dc=com"


man slapo-ppolicy:

"Every account that should be subject to password policy control should
have a pwdPolicySubentry attribute containing the DN of a valid pwdPolicy entry, or they can simply use the configured default. In this way different users may be managed according to different policies."



-- Kind Regards,

Gavin Henry.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry@suretecsystems.com

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/

Suretec Systems is a limited company registered in Scotland. Registered
number: SC258005. Registered office: 13 Whiteley Well Place, Inverurie,
Aberdeenshire, AB51 4FP.