Thanks Michael;
I am using OpenLDAP v 2.4.43
Yes, the policy schema is loaded
Yes, the overlay is active in the olcDatabase={1}bdb
# {0}ppolicy, {1}bdb, config
dn: olcOverlay={0}ppolicy,olcDatabase={1}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: {0}ppolicy
olcPPolicyDefault: cn=default,ou=pwpolicies,dc=example,dc=ldap
olcPPolicyHashCleartext: FALSE
olcPPolicyUseLockout: FALSE
olcPPolicyForwardUpdates: FALSE
John D. Borresen (Dave)
Ph: (781) 981-1609
Email: john.borresen@ll.mit.edu
-----Original Message-----
From: Michael Ströder [mailto:michael@stroeder.com]
Sent: Thursday, December 17, 2015 11:46 AM
To: Borresen, John - 0444 - MITLL; openldap-technical
Subject: Re: Attribute pwdPolicySubentry
Borresen, John - 0444 - MITLL wrote:
> When trying to add the pwdPolicySubentry attribute, I receive the
following:
> "According to the schema attribute pwdPolicySubentry is not allowed."
It works for me.
Which component does produce this error message?
Which OpenLDAP version are you using?
Did you add the ppolicy schema?
Did you active slapo-ppolicy in the database (section)?
> First, can someone explain the meaning of #2. The way, that I read that
is
> that if the "pwdPolicySubentry" is not available, and the policy was
> created.then the policy is applied. Is that correct?
Yes, the policy in the pwdPolicy entry referenced by ppolicy_default is
applied
if you don't specify a specific pwdPolicy entry in attribute
'pwdPolicySubentry'.
Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature