[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Password policy

Subject: Re: Password policy
From: Guillaume Rousse <guillomovitch@gmail.com>
Date: Tue, 04 Dec 2012 12:15:52 +0100
Cc: openldap-technical@openldap.org
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:cc:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=AccWiq99BT260qhe9jw+d3QGDcwjGATATPCYnD8b6dc=; b=B7iI7d/X+iRHGxwKuX5DKFybWTtgf8RA8uowh+47Nklfm6Uma/AryoIydr+LTRZdTS HWbRjI5O0nRRELZe/ucnCn8LrhqwpZYK7MpiLFZ39XrcbOj+ApY934podVXpWZQgvPNE qbpTnEx2Ao1CavEg2s5m0JQ66fJ22TnE2LOrCFnEmAHa7DxdS94DEmRWKJ4jsrr0Seta exlOwOWhXXiwNcQ/NcV0c0QfmJUSRmUw+S9OKLRYjAnONdyC2EJkQwpWGrfV/tqjrAir vOgRrilu5o04++89TAJH2h78/QZx7m7rMDi2QodG/3/8mtXxov4zE4ijHIgighhWrlQ7 qgNg==
In-reply-to: <50AF9E8F.7030107@stroeder.com>
References: <SNT137-W1F6CB317E1B579F37605BFD560@phx.gbl>, <CAHEKYV5NXO+wFHvONdvUVcFVZq-4CiTQhJHpCdqGpxM+pzBYPg@mail.gmail.com>, <SNT402-EAS46617E510BE5EAA87FEE21FFD560@phx.gbl>, <CAHEKYV5qyKj-qcQpeLCh87bg=2fzeySuW9ybdRPY_T8yEEcwTg@mail.gmail.com> <SNT137-W6008CE958D612DD8075F84FD560@phx.gbl> <50AF9390.9030301@gmail.com> <50AF9E8F.7030107@stroeder.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/17.0 Thunderbird/17.0

Le 23/11/2012 17:04, Michael Ströder a écrit :

Guillaume Rousse wrote:

Le 19/11/2012 17:24, jeevan kc a écrit :

Or how about creating an OU=policies under the root DIT and including these
Objectclass: person

This class is perfectly useless here


Do you mean objectclass: person? It's needed. Otherwise..

Objectclass: pwdpolicy
Objectclass: top
cn:default
pwdAttribute:2.5.4.35
sn:summy
pwdlockout:True
pwdMaxfailure:3


..one would not be able to
1. use *auxiliary* object class 'pwdpolicy' and
2. set attribute 'cn' in the entry.

(I usually use structural objectClass 'applicationProcess' along with
'pwdpolicy').

Indeed, you need a structural object class. But Person is definitivelynot a good idea, unless you want to blur the issue more than needed. Ipersonaly use organizationalRole for this purpose.


--
BOFH excuse #412:

Radial Telemetry Infiltration

Prev by Date: dnMatch flooding logs and access blocked
Next by Date: Re: dnMatch flooding logs and access blocked
Index(es):
- Chronological
- Thread