Wednesday, March 21, 2018

[389-users] subtree level password policy enabled with a few user level pwdPolicysubentry exceptions


Fine-grained subtree password policy enabled for ou=people,dc=example,dc=com. The same password policy is applied to all users under ou=people,dc=example,dc=com. I need to apply a different password policy to a few users, what is the best way to do it?

The following is my failed attempts.

using Admin Console, I created "Fine-grained user policy" for uid=exception1,ou=people,dc=example,dc=com. A new policy entry for uid=exception1 was created under "cn=nspwpolicycontainer,ou=people,dc=example,dc=com". audit log has the message: pwdPolicysubentry attribute of "uid=exception1,ou=people,dc=example,dc=com" is successfully replaced with the DN of the new user policy entry. After refreshing the entry "uid=exception1,ou=people,dc=example,dc=com", pwdPolicysubentry attribute is NOT actually changed, it is still the DN of the subtree policy.
389-users mailing list --
To unsubscribe send an email to

No comments:

Post a Comment