Dieter Kluenter wrote:
Hi,
Chris Shenton<[EMAIL PROTECTED]> writes:
On Feb 23, 2008, at 3:11 AM, Dieter Kluenter wrote:
Chris Shenton<[EMAIL PROTECTED]> writes:
I'm running 2.3.39 and using ppolicy to enforce our password
policy. Got an LDIF file:
[...]
pwdAttribute: userPassword
pwdAttribute value should contain the OID of attribute type
userpassword,
which is 2.5.4.35
Thanks, that got me going. I could swear I used "userPassword" in a
previous version of OpenLDAP.
Yes. That is intended to work; the ppolicy overlay installs a handler to map
attribute names to their OIDs so that the main slapd code will recognize them.
Perhaps the docs and LDIF file should mention that you need to use the
OID rather than the name?
Both the man page for slapo-ppolicy and draft-behera-ldap-password-
policy-xx.txt say "userPassword".
The only reference I have at hand right now is my own documentation,
but I could swear that the original information had been in some
documentation, either man slapo-ppolicy,
draft-behera-ldap-password-policy or in ppolicy.c. But someone with
more detailed inside knowledge may comment on this issue and clarify.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
