From 92ff6afec0248fece26a78327de6f3bf7f24cdf9 Mon Sep 17 00:00:00 2001
From: Pierangelo Masarati <ando@openldap.org>
Date: Mon, 28 Aug 2006 14:33:59 +0000
Subject: [PATCH] note the single-value userPassword constraint (please review)

---
 doc/man/man5/slapo-ppolicy.5 | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/doc/man/man5/slapo-ppolicy.5 b/doc/man/man5/slapo-ppolicy.5
index 4f59db302f..404324ed7e 100644
--- a/doc/man/man5/slapo-ppolicy.5
+++ b/doc/man/man5/slapo-ppolicy.5
@@ -29,6 +29,12 @@ is performed with the
 .B rootdn
 identity; all the operations, when performed with any other identity,
 may be subjected to constraints, like access control.
+.P
+Note that the IETF Password Policy proposal for LDAP makes sense
+when considering a single-valued password attribute, while 
+the userPassword attribute allows multiple values.  This implementation
+enforces a single value for the userPassword attribute, despite
+its specification.
 
 .SH CONFIGURATION
 These 
-- 
2.39.5