[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Password policy definitions

Gustavo Mendes de Carvalho wrote:
2008/4/28 Michael Ströder <michael@stroeder.com>:
Gustavo Mendes de Carvalho wrote:

According with man 5 slapo-policy and OpenLDAP site docs, in attribute
pwdAttribute I have to input value userPassword, but this attribute
does not support strings (according with my tries), so I inserted
correspondent userPassword OID ( is not the correct OID here. It identifies
the LDAP syntax 'Octet String' which is used for attribute type

 The correct OID for attribute type 'userPassword' to be put in
'pwdAttribute' is

Yes, you are right, but my main question is what value do I have to setup in pwdAttribute when configuring some user, if I choose to use Password policy ?

I'm not sure I understand your question.

Mainly you'll add entries for specifying possibly different password policies. AFAIK for OpenLDAP's ppolicy implementation only
is valid in these entry.

You can then

1. define a default password policy entry in slapd.conf and

2. you can specify which password policy is applied to a certain entry by adding attribute 'pwdPolicySubentry' to the user's entry which contains the DN of the required password policy entry.

Ciao, Michael.