From 9d690194a88200c47b3a1d7ed64efe5890c2943b Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Wed, 15 Nov 2006 16:25:47 +0000
Subject: [PATCH] Update the password policy implementation to use ds-pwp-password-policy-dn instead of pwdPolicySubentry for indicating which password policy should be applied for a given user.  The new attribute is not marked NO-USER-MODIFICATION so that it can be directly altered by administrators in addition to having a value populated by a virtual attribute.  The pwdPolicySubentry attribute is defined in the IETF draft as NO-USER-MODIFICATION and is only intended to be virtually defined, making it more difficult to configure a special policy for an individual user.

---
 opends/src/server/org/opends/server/core/PasswordPolicyState.java |   10 +++-------
 1 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/opends/src/server/org/opends/server/core/PasswordPolicyState.java b/opends/src/server/org/opends/server/core/PasswordPolicyState.java
index 43583d2..6c2008f 100644
--- a/opends/src/server/org/opends/server/core/PasswordPolicyState.java
+++ b/opends/src/server/org/opends/server/core/PasswordPolicyState.java
@@ -298,14 +298,10 @@
     assert debugEnter(CLASS_NAME, "getPasswordPolicy");
 
 
-    // See if the user entry contains the pwdPolicySubentry attribute to select
-    // a custom objectclass (whether real or virtual).
+    // See if the user entry contains the ds-pwp-password-policy-dn attribute to
+    // select a custom objectclass (whether real or virtual).
     AttributeType type =
-         DirectoryServer.getAttributeType(OP_ATTR_PWPOLICY_SUBENTRY_LC);
-    if (type == null)
-    {
-      type = DirectoryServer.getDefaultAttributeType(OP_ATTR_PWPOLICY_SUBENTRY);
-    }
+         DirectoryServer.getAttributeType(OP_ATTR_PWPOLICY_POLICY_DN, true);
 
     List<Attribute> attrList = userEntry.getAttribute(type);
     if ((attrList == null) || attrList.isEmpty())

--
Gitblit v1.10.0