ITS#10254 Fill in documentation

Ondřej Kuzník 2025-07-31 15:03:52 +01:00 committed by Quanah Gibson-Mount
parent cadbcc629c
commit a73e45dff5

@ -225,7 +225,7 @@ behaves as if the following rule was the first rule in
.RE .RE
.SH OBJECT CLASS .SH OBJECT CLASSES
The The
.B ppolicy .B ppolicy
overlay depends on the overlay depends on the
@ -260,10 +260,9 @@ requires a
.B cn .B cn
attribute, suitable as the policy entry's rDN. attribute, suitable as the policy entry's rDN.
This implementation also provides an additional This implementation also provides two additional objectclasses:
.B pwdPolicyChecker .B pwdPolicyChecker
objectclass, used for password quality checking (see specific attributes objectclass
below for usage).
.LP .LP
.RS 4 .RS 4
( 1.3.6.1.4.1.4754.2.99.1 ( 1.3.6.1.4.1.4754.2.99.1
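Review bot: The reworded sentence beginning "This implementation also provides two additional objectclasses:" now breaks off at "pwdPolicyChecker objectclass" and is only completed after the schema block ("used for password quality checking and ..."), so in the rendered page one sentence is interrupted by two indented definitions. Consider giving each class its own complete sentence ahead of its definition, for example "pwdPolicyChecker, used for password quality checking:" followed by the block, and the same pattern for pwdHashingPolicy.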
@ -273,6 +272,21 @@ below for usage).
MAY ( pwdCheckModule $ pwdCheckModuleArg $ pwdUseCheckModule ) ) MAY ( pwdCheckModule $ pwdCheckModuleArg $ pwdUseCheckModule ) )
.RE .RE
.P .P
used for password quality checking and
.B pwdHashingPolicy
objectclass
.LP
.RS 4
( 1.3.6.1.4.1.4754.2.99.2
NAME 'pwdHashingPolicy'
SUP pwdPolicy
AUXILIARY
MAY ( pwdDefaultHash $ pwdRehashOnBind ) )
.RE
.P
for more fine-grained control over password hashing. See specific attributes
below for usage.
Every account that should be subject to password policy control should Every account that should be subject to password policy control should
have a have a
.B .B
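Review bot: After the new closing sentence "See specific attributes below for usage." the existing paragraph "Every account that should be subject to password policy control ..." follows with no paragraph macro, because the .P that used to separate it from the schema block now introduces "used for password quality checking and". Add a .P (or .LP) before "Every account" so the account requirement is not folded into the objectclass description.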
@ -838,6 +852,40 @@ attribute is now obsolete and is ignored.
SINGLE\-VALUE ) SINGLE\-VALUE )
.RE .RE
.B pwdDefaultHash
.P
If specified, this attribute overrides the configured default password hash for
objects that are governed by this policy.
.LP
.RS 4
( 1.3.6.1.4.1.4754.1.99.4
NAME 'pwdDefaultHash'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
DESC 'Per policy default hash setting'
SINGLE\-VALUE )
.RE
.B pwdRehashOnBind
.P
This attribute denotes whether the user's existing password should be
rehashed. If
.B pwdReset
is set to "TRUE",
.B pwdDefaultHash
is set to a known password hash and a Simple Bind succeeds, the entry's
userPassword is replaced with a version using that hash.
.LP
.RS 4
( 1.3.6.1.4.1.4754.1.99.5
NAME 'pwdRehashOnBind'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
DESC 'On successful Simple Bind, rehash password
with default hash if different'
SINGLE\-VALUE )
.RE
.SH OPERATIONAL ATTRIBUTES .SH OPERATIONAL ATTRIBUTES
.P .P
The operational attributes used by the The operational attributes used by the
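Review bot: In the pwdRehashOnBind description the condition reads "If pwdReset is set to "TRUE"", which names a different attribute from the one being documented. If the switch is meant to be pwdRehashOnBind itself, the text should say so; if pwdReset is really intended, the relationship needs a sentence of explanation. The paragraph also leaves out the "if different" condition that the DESC string states, and neither description says what form a pwdDefaultHash value takes or what happens when it does not name "a known password hash". Documenting those points would let an administrator tell exactly when a stored userPassword will be rewritten on bind.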