Commit 4e4341f3 authored by Karl O. Pinc, committed by Quanah Gibson-Mount

ITS#9396 Recommend namedPolicy for ppolicy entries

parent 932cc568
...@@ -931,7 +931,7 @@ The actual policy would be: ...@@ -931,7 +931,7 @@ The actual policy would be:
> dn: cn=default,ou=policies,dc=example,dc=com > dn: cn=default,ou=policies,dc=example,dc=com
> cn: default > cn: default
> objectClass: pwdPolicy > objectClass: pwdPolicy
> objectClass: person > objectClass: namedPolicy
> objectClass: top > objectClass: top
> pwdAllowUserChange: TRUE > pwdAllowUserChange: TRUE
> pwdAttribute: userPassword > pwdAttribute: userPassword
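
Review bot: At the objectClass line of the example entry, person becomes namedPolicy, but policy entries that administrators already built from the earlier text still carry person together with the sn it requires. Suggest a short note near the example saying how such entries should be brought in line with the new recommendation, or that they may be left as they are.
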
...@@ -948,10 +948,11 @@ The actual policy would be: ...@@ -948,10 +948,11 @@ The actual policy would be:
> pwdMinLength: 5 > pwdMinLength: 5
> pwdMustChange: FALSE > pwdMustChange: FALSE
> pwdSafeModify: FALSE > pwdSafeModify: FALSE
> sn: dummy value
You can create additional policy objects as needed. You can create additional policy objects as needed.
The namedPolicy object class is present because the policy entry
requires a structural object class.
There are two ways password policy can be applied to individual objects: There are two ways password policy can be applied to individual objects:
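
Review bot: The added sentence "The namedPolicy object class is present because the policy entry requires a structural object class." sits after "You can create additional policy objects as needed.", so it is separated from the example it explains and "is present" has no clear referent. Suggest moving it directly after the LDIF, or opening it with "In the example above", and stating that pwdPolicy itself is not structural, as the man page hunk in this commit does.
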
......
...@@ -125,6 +125,17 @@ object class. The definition of that class is as follows: ...@@ -125,6 +125,17 @@ object class. The definition of that class is as follows:
pwdMinDelay $ pwdMaxDelay $ pwdMaxIdle ) ) pwdMinDelay $ pwdMaxDelay $ pwdMaxIdle ) )
.RE .RE
The
.B pwdPolicy
class is not structural, and so entries using it require another,
structural, object class. The
.B namedPolicy
object class is a good choice.
.B namedPolicy
requires a
.B cn
attribute, suitable as the policy entry's rDN.
This implementation also provides an additional This implementation also provides an additional
.B pwdPolicyChecker .B pwdPolicyChecker
objectclass, used for password quality checking (see below). objectclass, used for password quality checking (see below).
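
Review bot: In the added paragraph, "object class is a good choice." does not say which schema provides namedPolicy, so a reader cannot tell whether anything has to be loaded before the class can be used; suggest naming the schema here. As a style point, "rDN" in "attribute, suitable as the policy entry's rDN." is normally written RDN.
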
......