https://bugs.openldap.org/show_bug.cgi?id=9343
--- Comment #2 from Mehmet gelisin <[email protected]> --- Enabling the Netscape password policy controls in the ppolicy10 module provides a suitable workaround for many applications. For cases where that is not an http://www-look-4.com/ acceptable workaround, ACLs can be set up to permit attribute access techniques This ITS can be suspended in case further needs arise to support client applications that depended on specific ppoilicy8 behavior. http://www.compilatori.com/ Enabling the Netscape password policy controls in the ppolicy10 module provides a suitable workaround for many applications. For cases where that is not an http://www.wearelondonmade.com/ acceptable workaround, ACLs can be set up to permit attribute access techniques This ITS can be suspended in case further needs arise http://www.jopspeech.com/ to support client applications that depended on specific ppoilicy8 behavior. Enabling the Netscape password policy controls in http://joerg.li/ the ppolicy10 module provides a suitable workaround for many applications. For cases where that is not an acceptable workaround, ACLs can be set up to permit attribute access techniques http://connstr.net/ This ITS can be suspended in case further needs arise to support client applications that depended on specific ppoilicy8 behavior. http://embermanchester.uk/ ppolicy only supports a single global default policy, and past that any policies must be manually added to a given user entry if they are supposed to have something other than the default policy. http://www.slipstone.co.uk/ Also, some sites want no default policy, and only a specific subset to have a policy applied to them. http://www.logoarts.co.uk/ For both of these cases, it would be helpful if it were possible to configure a policy to apply to a set of users via a URL similar to the way we handle creating groups of users http://www.acpirateradio.co.uk/ specifies these requirements e.g. in 4.2.6 [0], just that ppolicy never implemented them. Also an application can: - have its identity set to "manage"/"write" accordingly so it is/not considered "password administrator" in the eyes of the draft https://waytowhatsnext.com/ - write the relevant attributes (pwdReset, ...) in the same operation overriding the defaults Requiring the application to use the relax control to change certain attributes is not reversible AFAIK, which is why this was not done in 2.4... https://www.webb-dev.co.uk/ Should we need to change any of this, we need to specifies these requirements e.g. in 4.2.6 [0], just that ppolicy never implemented them. Also an application can: - have its identity set to "manage"/"write" accordingly so it is/not considered "password administrator" in the eyes of the draft - write the relevant attributes (pwdReset, ...) in the same operation overriding the defaults Requiring the application to use the relax control to change certain attributes is not reversible AFAIK, which is why this was not done in 2.4... http://www.iu-bloomington.com/ Should we need to change any of this, we need to -- You are receiving this mail because: You are on the CC list for the issue.
