Return-Path: X-Original-To: apmail-directory-users-archive@www.apache.org Delivered-To: apmail-directory-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id E5D5D7806 for ; Fri, 30 Sep 2011 18:10:26 +0000 (UTC) Received: (qmail 97221 invoked by uid 500); 30 Sep 2011 18:10:26 -0000 Delivered-To: apmail-directory-users-archive@directory.apache.org Received: (qmail 97188 invoked by uid 500); 30 Sep 2011 18:10:26 -0000 Mailing-List: contact users-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@directory.apache.org Delivered-To: mailing list users@directory.apache.org Delivered-To: moderator for users@directory.apache.org Received: (qmail 67923 invoked by uid 99); 30 Sep 2011 16:23:46 -0000 X-ASF-Spam-Status: No, hits=2.2 required=5.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) From: To: Date: Fri, 30 Sep 2011 18:23:13 +0200 Subject: [ApacheDS] looking for simple config for password policy enforcement. Thread-Topic: [ApacheDS] looking for simple config for password policy enforcement. Thread-Index: Acx/i8BeS54FQRI6R0+L5ro4+6T3bQ== Message-ID: <2BE7E81B77921F43A6A273C2DF2FA6A43A426D8B03@IBSMBX.ibs-ag.com> Accept-Language: en-US, de-DE Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US, de-DE Content-Type: multipart/alternative; boundary="_000_2BE7E81B77921F43A6A273C2DF2FA6A43A426D8B03IBSMBXibsagco_" MIME-Version: 1.0 --_000_2BE7E81B77921F43A6A273C2DF2FA6A43A426D8B03IBSMBXibsagco_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable I would like to apply and enforce two different password policies to two di= fferent sub trees (that share the same root). I see where the policies (I think ) are supposed to go. ou=3DpasswordPolicies,ads-interceptorId=3DauthenticationInterceptor,ou=3Din= terceptors,ads-directoryServiceId=3Ddefault,ou=3Dconfig The question is how does this policy then get linked or applied to a user? In other directory servers, the pwdPolicy schema defines the policy object = and all the supporting attributes (min/max pw length, etc). Then the pwdPolicySubentry attribute (on the user object) refers to the DN= of the policy object and this is how it's enforced. I can't seem to make the connection in ApacheDS how this occurs? I've tried creating ads-passwordPolicy object at the subtree level of my u= sers. Doesn't work. I've tried creating a simple pwdPolicy object but it cannot be saved becaus= e there's no structural objectclass associate with it. Even if the functionality isn't fully implemented, I'd like to structure th= e directory correctly. Your help is most appreciated. --_000_2BE7E81B77921F43A6A273C2DF2FA6A43A426D8B03IBSMBXibsagco_--