[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Attribute pwdPolicySubentry

Thanks Michael;

I am using OpenLDAP v 2.4.43
Yes, the policy schema is loaded
Yes, the overlay is active in the olcDatabase={1}bdb
# {0}ppolicy, {1}bdb, config
dn: olcOverlay={0}ppolicy,olcDatabase={1}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: {0}ppolicy
olcPPolicyDefault: cn=default,ou=pwpolicies,dc=example,dc=ldap
olcPPolicyHashCleartext: FALSE
olcPPolicyUseLockout: FALSE
olcPPolicyForwardUpdates: FALSE

John D. Borresen (Dave)
Ph: (781) 981-1609
Email: john.borresen@ll.mit.edu

-----Original Message-----
From: Michael Ströder [mailto:michael@stroeder.com] 
Sent: Thursday, December 17, 2015 11:46 AM
To: Borresen, John - 0444 - MITLL; openldap-technical
Subject: Re: Attribute pwdPolicySubentry

Borresen, John - 0444 - MITLL wrote:
> When trying to add the pwdPolicySubentry attribute, I receive the
> "According to the schema attribute pwdPolicySubentry is not allowed."

It works for me.

Which component does produce this error message?
Which OpenLDAP version are you using?
Did you add the ppolicy schema?
Did you active slapo-ppolicy in the database (section)?

> First, can someone explain the meaning of #2.  The way, that I read that
> that if the "pwdPolicySubentry" is not available, and the policy was
> created.then the policy is applied.  Is that correct?

Yes, the policy in the pwdPolicy entry referenced by ppolicy_default is
if you don't specify a specific pwdPolicy entry in attribute

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME cryptographic signature