Re: {CRYPT} password to {SHA}

[Hallvard B Furuseth <h.b.furuseth@usit.uio.no>]

Jeroen van Aart writes:
> I know about the password policy. It's a bit problematic to implement
> into the existing system. The main issue I remember is that I wanted to
> implement the policy for select groups, ou=People for example, but NOT
> ou=FTPusers or ou=Virtual since those accounts can't readily change the
> password. I couldn't find a way to do that.

For that particular proble, if by "groups" you mean LDAP subtrees: You
can put ou=People in a separate database in slapd.conf and mark it as
"subordinate" of its parent database so they'll be glued together and
act as one database.  Though since you mention synchronisation, there
were or are some bugs with combining syncrepl with the glue overlay
which "subordinate" makes use of.  The latest 2.4.* releases including
the upcoming 2.4.10 have a number of syncrepl fixes.

-- 
Hallvard