note the single-value userPassword constraint (please review)

author Pierangelo Masarati <ando@openldap.org>

Mon, 28 Aug 2006 14:33:59 +0000 (14:33 +0000)

committer Pierangelo Masarati <ando@openldap.org>

Mon, 28 Aug 2006 14:33:59 +0000 (14:33 +0000)
author Pierangelo Masarati <ando@openldap.org>
Mon, 28 Aug 2006 14:33:59 +0000 (14:33 +0000)
committer Pierangelo Masarati <ando@openldap.org>
Mon, 28 Aug 2006 14:33:59 +0000 (14:33 +0000)
diff --git a/doc/man/man5/slapo-ppolicy.5 b/doc/man/man5/slapo-ppolicy.5

index 4f59db302f3ef29220294a46af56450323d67910..404324ed7eeb47499f9578b4639e18989812f292 100644 (file)
--- a/doc/man/man5/slapo-ppolicy.5
+++ b/doc/man/man5/slapo-ppolicy.5
@@ -29,6 +29,12 @@ is performed with the
  .B rootdn
  identity; all the operations, when performed with any other identity,
  may be subjected to constraints, like access control.
+.P
+Note that the IETF Password Policy proposal for LDAP makes sense
+when considering a single-valued password attribute, while 
+the userPassword attribute allows multiple values.  This implementation
+enforces a single value for the userPassword attribute, despite
+its specification.
  
  .SH CONFIGURATION
  These
author	Pierangelo Masarati <ando@openldap.org>
	Mon, 28 Aug 2006 14:33:59 +0000 (14:33 +0000)
committer	Pierangelo Masarati <ando@openldap.org>
	Mon, 28 Aug 2006 14:33:59 +0000 (14:33 +0000)