Otoh, making it user modifiable was a mistake and broke the rfc specification, which says it's a NO-USER-MODIFIABLE attribute.
Le samedi 19 décembre 2015, <ludovic.poi...@gmail.com> a écrit : > In my opinion, the pwdPolicySubentry attribute should be read-only > generated by the server. > > We had made the error in Sun Directory Server to allow customers to set it > manually, and it was very confusing that the attribute served 2 roles : a > way to find the pwd policy entry applicable for the entry, and a way to set > a different or new policy for an account. > > In OpenDJ ( and all other servers from the same code base) we use 2 > different attributes. That separation made it easier to handle for > applications and administrators. > > My 2 cents > > Ludo > > -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com
