directory-users mailing list archives

From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: [ApacheDS] looking for simple config for password policy enforcement.
Date Fri, 30 Sep 2011 19:39:08 GMT
On Fri, Sep 30, 2011 at 12:23 PM,  <Carlo.Accorsi@ibs-ag.com> wrote:
> I would like to apply and enforce two different password policies to two different sub trees (that share the same root).
>
> I see where the policies (I think) are supposed to go.
> ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
>
correct place
> The question is how does this policy then get linked or applied to a user?
>
> In other directory servers, the pwdPolicy schema defines the policy object and all the supporting attributes (min/max pw length, etc).
> Then the pwdPolicySubentry attribute (on the user object) refers to the DN of the policy object and this is how it's enforced.
>
> I can't seem to make the connection in ApacheDS how this occurs?
> I've tried creating ads-passwordPolicy object at the subtree level of my users. Doesn't work.
> I've tried creating a simple pwdPolicy object but it cannot be saved because there's no structural objectclass associated with it.
>
no, this won't work, just create another policy under the above
mentioned DN with a name like ads-pwdId=custom
and for enforcing this for a specific user:
add 'pwdPolicySubEntry' attribute with the value set to the custom
pwdpolicy entry's DN

Note that the default password policy (ads-pwdId=default) is applicable
for all other user entries which don't have a 'pwdPolicySubEntry'
attribute specified.

> Even if the functionality isn't fully implemented, I'd like to structure the directory correctly. Your help is most appreciated.
>
please let us know if you have any other questions

HTH

-- 
Kiran Ayyagari
