From: Howard Chu <hyc@openldap.org>
Date: Mon, 21 Apr 2008 21:44:20 +0000 (+0000)
Subject: Clarify ppolicy text
X-Git-Tag: OPENLDAP_REL_ENG_2_4_9~20^2~5
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=660d3acfdc9378cc2b2708eca1d7325e302b16b9;p=openldap

Clarify ppolicy text
---

diff --git a/doc/guide/admin/overlays.sdf b/doc/guide/admin/overlays.sdf
index f1e2b0ede3..4bd6af05db 100644
--- a/doc/guide/admin/overlays.sdf
+++ b/doc/guide/admin/overlays.sdf
@@ -857,14 +857,14 @@ You can create additional policy objects as needed.
 
 There are two ways password policy can be applied to individual objects:
 
-1. Default password policy - If, as in the example above, the password policy 
-module was configured with the DN of a default policy object and if that object 
-exists, then the policy defined in that object is applied.
-
-2. The pwdPolicySubentry in a user's object - If a user's object contains a 
-value for the pwdPolicySubEntry attribute, and if that object exists, then 
-the policy defined by that object is applied. Remember that we need to add 
-object class pwdPolicy to the user's object as well.
+1. The pwdPolicySubentry in a user's object - If a user's object has a
+pwdPolicySubEntry attribute specifying the DN of a policy object, then 
+the policy defined by that object is applied.
+
+2. Default password policy - If there is no specific pwdPolicySubentry set
+for an object, and the password policy module was configured with the DN of a
+default policy object and if that object exists, then the policy defined in
+that object is applied.
 
 Please see {{slapo-ppolicy(5)}} for complete explanations of features and discussion of
  "Password Management Issues" at {{URL:http://www.connexitor.com/forums/viewtopic.php?f=6&t=25}}