Andrew Findlay wrote:
If I force the name of the policy into pwdPolicySubentry then it does
take effect, but that is not the point: the subentry should set this
attribute automatically.
The problem may be that the root of the subtree is not marked as an
administration point: OpenLDAP 2.3.39 knows about the
administrativeRole attribute but seems to have 'not implemented'
hard-wired into the result code.
Are subentries expected to work, or am I mis-reading something here?
Nope, that functionality is not implemented. Currently the only approach is to
set explicit values in the pwdPolicySubentry attribute of various entries.
The alternative is to extend the collect.c overlay for this purpose.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
