[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Attribute pwdPolicySubentry

That makes sense. An even smarter system would use the administrative model to handle password policies. 

Le samedi 19 décembre 2015, <ludovic.poitou@gmail.com> a écrit :
In my opinion, the pwdPolicySubentry attribute should be read-only generated by the server.  

We had made the error in Sun Directory Server to allow customers to set it manually, and it was very confusing that the attribute served 2 roles : a way to find the pwd policy entry applicable for the entry, and a way to set a different or new policy for an account. 

In OpenDJ ( and all other servers from the same code base) we use 2 different attributes. That separation made it easier to handle for applications and administrators. 

My 2 cents


Emmanuel Lécharny