# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 2004 The OpenLDAP Foundation.
+## Copyright 2004-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
-## Portions Copyright (C) The Internet Society (2004). All Rights Reserved.
+## Portions Copyright (C) The Internet Society (2004).
## Please see full copyright statement below.
-# Definitions from Draft behera-ldap-password-policy-07
+# Definitions from Draft behera-ldap-password-policy-07 (a work in progress)
# Password Policy for LDAP Directories
-
# With extensions from Hewlett-Packard:
# pwdCheckModule etc.
-#
+# Contents of this file are subject to change (including deletion)
+# without notice.
+#
+# Not recommended for production use!
+# Use with extreme caution!
+
# Internet-Draft P. Behera
# draft behera-ldap-password-policy-07.txt L. Poitou
# Intended Category: Proposed Standard Sun Microsystems
#
# The function should return LDAP_SUCCESS for a valid password.
-attributetype ( 1.3.6.1.4.1.42.2.27.8.1.99
+attributetype ( 1.3.6.1.4.1.4754.1.99.1
NAME 'pwdCheckModule'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $
pwdMinLength $ pwdExpireWarning $ pwdGraceLoginLimit $ pwdLockout
$ pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $
- pwdMustChange $ pwdAllowUserChange $ pwdSafeModify $ pwdCheckModule ) )
+ pwdMustChange $ pwdAllowUserChange $ pwdSafeModify ) )
+
+objectclass ( 1.3.6.1.4.1.4754.2.99.1
+ NAME 'pwdPolicyChecker'
+ SUP top
+ AUXILIARY
+ MAY ( pwdCheckModule ) )
# 4.3. Attribute Types for Password Policy State Information
#