Discussion:
Can a ppolicy be applied to a subtree?
Campbell, Courtney
2015-10-14 14:06:00 UTC
Permalink
I am curious if a ppolicy can be applied to a subtree so that it is added to a user account when newly created?

________________________________

This message (including any attachments) is confidential and intended for a specific individual and purpose. If you are not the intended recipient, please notify the sender immediately and delete this message.
Marc Patermann
2015-10-15 09:00:42 UTC
Permalink
I am curious if a ppolicy can be applied to a subtree so that it is > added
to a user account when newly created? Unfortunately not. I would like to
have that too. As far as I know ppolicy overlay is a database setting. See
man slapo-ppolicy. You can split your DIT to multiple database apply ppolicy
to the database with your user account subtree and glue the databases together
to behave like a single DIT again. [...]

Content analysis details: (-1.9 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]

Hi,
I am curious if a ppolicy can be applied to a subtree so that it is
added to a user account when newly created?
Unfortunately not. I would like to have that too.
As far as I know ppolicy overlay is a database setting. See man
slapo-ppolicy.
You can split your DIT to multiple database apply ppolicy to the
database with your user account subtree and glue the databases together
to behave like a single DIT again.


Marc
Howard Chu
2015-10-15 23:08:41 UTC
Permalink
Content preview: Marc Patermann wrote: > Hi, > > Am 14.10.2015 um 16:06 Uhr
schrieb Campbell, Courtney: >> I am curious if a ppolicy can be applied to
a subtree so that it is >> added to a user account when newly created? >
Unfortunately not. I would like to have that too. > As far as I know ppolicy
overlay is a database setting. See man slapo-ppolicy. > You can split your
DIT to multiple database apply ppolicy to the database with > your user account
subtree and glue the databases together to behave like a > single DIT again.
[...]

Content analysis details: (-1.9 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: highlandsun.com]
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]
Post by Marc Patermann
Hi,
Post by Campbell, Courtney
I am curious if a ppolicy can be applied to a subtree so that it is
added to a user account when newly created?
Unfortunately not. I would like to have that too.
As far as I know ppolicy overlay is a database setting. See man slapo-ppolicy.
You can split your DIT to multiple database apply ppolicy to the database with
your user account subtree and glue the databases together to behave like a
single DIT again.
Currently it's not supported, but this is something that slapo-collect would
be appropriate for.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
Campbell, Courtney
2015-10-15 19:45:48 UTC
Permalink
Content preview: Yeah. I ended up looking at the man page and kind of got the
point. It would be great if there was a way to apply a pwdPolicySubentry
to a subtree and have all newly created accounts inherit the policy. I am
transitioning from RHDS which has that functionality. [...]

Content analysis details: (-1.9 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: openldap.org]
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
-0.0 SPF_PASS SPF: sender matches SPF record
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]

Yeah. I ended up looking at the man page and kind of got the point. It would be great if there was a way to apply a pwdPolicySubentry to a subtree and have all newly created accounts inherit the policy. I am transitioning from RHDS which has that functionality.

Thanks,
Court

-----Original Message-----
From: openldap-technical [mailto:openldap-technical-***@openldap.org] On Behalf Of Marc Patermann
Sent: Thursday, October 15, 2015 4:01 AM
To: openldap-***@openldap.org
Subject: Re: Can a ppolicy be applied to a subtree?

Hi,
Post by Campbell, Courtney
I am curious if a ppolicy can be applied to a subtree so that it is
added to a user account when newly created?
Unfortunately not. I would like to have that too.
As far as I know ppolicy overlay is a database setting. See man slapo-ppolicy.
You can split your DIT to multiple database apply ppolicy to the database with your user account subtree and glue the databases together to behave like a single DIT again.


Marc



________________________________

This message (including any attachments) is confidential and intended for a specific individual and purpose. If you are not the intended recipient, please notify the sender immediately and delete this message.
Loading...