From: Pierangelo Masarati Date: Thu, 29 Dec 2005 16:14:41 +0000 (+0000) Subject: clarify issues related to performing operations with rootdn identity X-Git-Tag: OPENLDAP_REL_ENG_2_4_BP~498 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=82c04bf2a0d3765f933281f1ee4416ee11403855;p=openldap clarify issues related to performing operations with rootdn identity --- diff --git a/doc/man/man5/slapo-ppolicy.5 b/doc/man/man5/slapo-ppolicy.5 index 58a75a2453..70180eb031 100644 --- a/doc/man/man5/slapo-ppolicy.5 +++ b/doc/man/man5/slapo-ppolicy.5 @@ -23,6 +23,12 @@ resets, acceptable password content, and even grace logins. Different groups of users may be associated with different password policies, and there is no limit to the number of password policies that may be created. +.P +Note that some of the policies do not take effect when the operation +is performed with the +.B rootdn +identity; all the operations, when performed with any other identity, +may be subjected to constraints, like access control. .SH CONFIGURATION These @@ -126,7 +132,7 @@ Note: in this implementation, the only value accepted for .B pwdAttribute is -.RI " userPassword ". +.IR " userPassword ". .LP .RS 4 ( 1.3.6.1.4.1.42.2.27.8.1.1 @@ -175,6 +181,9 @@ attribute is not present, or if its value is zero (0), used passwords will not be stored in .B pwdHistory and thus any previously-used password may be reused. +No history checking occurs if the password is being modified by the +.BR rootdn , +although the password is saved in the history. .LP .RS 4 ( 1.3.6.1.4.1.42.2.27.8.1.4 @@ -656,8 +665,7 @@ field is in GMT format. .B pwdGraceUseTime This attribute contains the list of timestamps of logins made after the user password in the DN has expired. These post-expiration -logins are known as -.RI " "grace logins" ." +logins are known as "\fIgrace logins\fP". If too many .I grace logins have been used (please refer to the