Am Sat, 19 Dec 2015 18:29:32 +0000 schrieb Howard Chu <[email protected]>:
> Emmanuel Lecharny wrote: > > That makes sense. An even smarter system would use the > > administrative model to handle password policies. > > Yes. > > > > Le samedi 19 décembre 2015, <[email protected] > > <mailto:[email protected]>> a écrit : > > > > In my opinion, the pwdPolicySubentry attribute should be > > read-only generated by the server. > > Agreed. That's how it always should have worked, but since we didn't > have a real subEntry implementation, this is what we got. > > > > We had made the error in Sun Directory Server to allow > > customers to set it manually, and it was very confusing that the > > attribute served 2 roles : a way to find the pwd policy entry > > applicable for the entry, and a way to set a different or new > > policy for an account. > > > > In OpenDJ ( and all other servers from the same code base) we > > use 2 different attributes. That separation made it easier to > > handle for applications and administrators. > > Makes sense. > > > > My 2 cents This thread should be moved to [email protected] -Dieter -- Dieter Klünter | Systemberatung http://sys4.de GPG Key ID: E9ED159B 53°37'09,95"N 10°08'02,42"E
