directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kiran Ayyagari <>
Subject Re: [ApacheDS] looking for simple config for password policy enforcement.
Date Fri, 30 Sep 2011 19:39:08 GMT
On Fri, Sep 30, 2011 at 12:23 PM,  <> wrote:
> I would like to apply and enforce two different password policies to two different sub
trees (that share the same root).
> I see where the policies (I think ) are supposed to go.
> ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
correct place
> The question is how does this policy then get linked or applied to a user?
> In other directory servers, the pwdPolicy schema defines the policy object and all the
supporting attributes (min/max pw length, etc).
> Then the pwdPolicySubentry  attribute (on the user object) refers to the DN of the policy
object and this is how it's enforced.
> I can't seem to make the connection in ApacheDS how this occurs?
> I've tried creating  ads-passwordPolicy object at the subtree level of my users. Doesn't
> I've tried creating a simple pwdPolicy object but it cannot be saved because there's
no structural objectclass associate with it.
no, this won't work, just create another policy under the above
mentioned DN with a name like ads-pwdId=custom
and for enforcing this for a specific user:
add 'pwdPolicySubEntry' attribute with the value set to the custom
pwdpolicy entry's DN

Note that the default password policy(ads-pwdId=default) is applicable
for all other user entries which doesn't have a 'pwdPolicySubEntry'
attribute specified.

> Even if the functionality isn't fully implemented, I'd like to structure the directory
correctly. Your help is most appreciated.
please let us know if you have any other questions


Kiran Ayyagari

View raw message