Commit 4e4341f3 authored by Karl O. Pinc's avatar Karl O. Pinc Committed by Quanah Gibson-Mount
Browse files

ITS#9396 Recommend namedPolicy for ppolicy entries

parent 932cc568
Pipeline #2475 canceled with stage
in 4 minutes and 40 seconds
......@@ -931,7 +931,7 @@ The actual policy would be:
> dn: cn=default,ou=policies,dc=example,dc=com
> cn: default
> objectClass: pwdPolicy
> objectClass: person
> objectClass: namedPolicy
> objectClass: top
> pwdAllowUserChange: TRUE
> pwdAttribute: userPassword
......@@ -948,10 +948,11 @@ The actual policy would be:
> pwdMinLength: 5
> pwdMustChange: FALSE
> pwdSafeModify: FALSE
> sn: dummy value
You can create additional policy objects as needed.
The namedPolicy object class is present because the policy entry
requires a structural object class.
There are two ways password policy can be applied to individual objects:
......
......@@ -125,6 +125,17 @@ object class. The definition of that class is as follows:
pwdMinDelay $ pwdMaxDelay $ pwdMaxIdle ) )
.RE
The
.B pwdPolicy
class is not structural, and so entries using it require another,
structural, object class. The
.B namedPolicy
object class is a good choice.
.B namedPolicy
requires a
.B cn
attribute, suitable as the policy entry's rDN.
This implementation also provides an additional
.B pwdPolicyChecker
objectclass, used for password quality checking (see below).
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment