On Fri, Sep 30, 2011 at 12:23 PM, <[email protected]> wrote:
> I would like to apply and enforce two different password policies to two
> different sub trees (that share the same root).
>
> I see where the policies (I think) are supposed to go.
> ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
>
correct place

> The question is how does this policy then get linked or applied to a user?
>
> In other directory servers, the pwdPolicy schema defines the policy object
> and all the supporting attributes (min/max pw length, etc).
> Then the pwdPolicySubentry attribute (on the user object) refers to the DN
> of the policy object and this is how it's enforced.
>
> I can't seem to make the connection in ApacheDS how this occurs?
> I've tried creating ads-passwordPolicy object at the subtree level of my
> users. Doesn't work.
> I've tried creating a simple pwdPolicy object but it cannot be saved because
> there's no structural objectclass associated with it.
>
no, this won't work, just create another policy under the above mentioned DN with a name like ads-pwdId=custom
and for enforcing this for a specific user: add 'pwdPolicySubEntry' attribute with the value set to the custom pwdpolicy entry's DN

Note that the default password policy (ads-pwdId=default) is applicable for all other user entries which don't have a 'pwdPolicySubEntry' attribute specified.

> Even if the functionality isn't fully implemented, I'd like to structure the
> directory correctly. Your help is most appreciated.
>
please let us know if you have any other questions

HTH

--
Kiran Ayyagari
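The linkage described in the reply can be audited from an LDIF export. The following is an added example, not part of the original thread and not ApacheDS code: it resolves which policy entry each user falls under and flags a 'pwdPolicySubEntry' value that points at no existing policy entry. It assumes a plain export with no folded lines or base64 values; the user DNs and the `strict` policy name are constructed.

```python
# Added example: which ApacheDS password policy applies to each user entry.
POLICY_BASE = ("ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,"
               "ou=interceptors,ads-directoryServiceId=default,ou=config")
DEFAULT_POLICY = "ads-pwdId=default," + POLICY_BASE
# Constructed, trimmed sample export; user DNs and values are made up.
SAMPLE_LDIF = f"""\
dn: ads-pwdId=default,{POLICY_BASE}
objectClass: ads-passwordPolicy

dn: ads-pwdId=custom,{POLICY_BASE}
objectClass: ads-passwordPolicy

dn: uid=alice,ou=staff,dc=example,dc=com
pwdPolicySubEntry: ads-pwdId=custom,{POLICY_BASE}

dn: uid=bob,ou=partners,dc=example,dc=com

dn: uid=carol,ou=partners,dc=example,dc=com
pwdPolicySubEntry: ads-pwdId=strict,{POLICY_BASE}
"""

def norm_dn(dn):
    """Comparison key for a DN: lower-cased, spaces around commas removed."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Parse unfolded 'attr: value' records into {dn_key: {attr: [values]}}."""
    entries = {}
    for record in text.strip().split("\n\n"):
        attrs = {}
        for line in record.splitlines():
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        entries[norm_dn(attrs["dn"][0])] = attrs
    return entries

def effective_policies(entries):
    """Return {user_dn: (policy_dn, status)} for every non-policy entry."""
    is_policy = lambda a: "ads-passwordpolicy" in map(str.lower, a.get("objectclass", []))
    policies = {dn for dn, a in entries.items() if is_policy(a)}
    result = {}
    for dn in entries.keys() - policies:
        ref = entries[dn].get("pwdpolicysubentry")  # attribute names are case-insensitive
        target = norm_dn(ref[0]) if ref else norm_dn(DEFAULT_POLICY)
        status = "default" if not ref else "custom" if target in policies else "dangling"
        result[dn] = (target, status)
    return result
if __name__ == "__main__":
    for dn, (policy, status) in sorted(effective_policies(parse_ldif(SAMPLE_LDIF)).items()):
        print(f"{status:8} {dn} -> {policy}")
```

Entries reported as `dangling` reference a policy DN that is missing from the export and are worth reviewing before relying on the custom policy for them.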
