ITS#9396 Recommend namedPolicy for ppolicy entries

doc/guide/admin/overlays.sdf

@@ -931,7 +931,7 @@ The actual policy would be:
 >       dn: cn=default,ou=policies,dc=example,dc=com
 >       cn: default
 >       objectClass: pwdPolicy
->       objectClass: person
+>       objectClass: namedPolicy
 >       objectClass: top
 >       pwdAllowUserChange: TRUE
 >       pwdAttribute: userPassword
@@ -948,10 +948,11 @@ The actual policy would be:
 >       pwdMinLength: 5
 >       pwdMustChange: FALSE
 >       pwdSafeModify: FALSE
->       sn: dummy value
 
 You can create additional policy objects as needed. 
 
+The namedPolicy object class is present because the policy entry
+requires a structural object class.
 
 There are two ways password policy can be applied to individual objects:
 

doc/man/man5/slapo-ppolicy.5

@@ -125,6 +125,17 @@ object class.  The definition of that class is as follows:
         pwdMinDelay $ pwdMaxDelay $ pwdMaxIdle ) )
 .RE
 
+The
+.B pwdPolicy
+class is not structural, and so entries using it require another,
+structural, object class.  The
+.B namedPolicy
+object class is a good choice.
+.B namedPolicy
+requires a
+.B cn
+attribute, suitable as the policy entry's rDN.
+
 This implementation also provides an additional
 .B pwdPolicyChecker
 objectclass, used for password quality checking (see below).