From a15389ecf6c00cdefcbb79b6faea67e0fb9c71d6 Mon Sep 17 00:00:00 2001
From: Mark Craig <mark.craig@forgerock.com>
Date: Mon, 12 Sep 2011 12:22:43 +0000
Subject: [PATCH] Fix for OPENDN-276: Do not use virtual attributes to choose password policy, instead use collective attributes
---
opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-pwd-policy.xml | 26 ++++++++++++++++++--------
1 files changed, 18 insertions(+), 8 deletions(-)
diff --git a/opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-pwd-policy.xml b/opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-pwd-policy.xml
index 64734c9..2bb82e5 100644
--- a/opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-pwd-policy.xml
+++ b/opendj-sdk/opendj3/src/main/docbkx/admin-guide/chap-pwd-policy.xml
@@ -477,20 +477,30 @@
</step>
</procedure>
- <procedure>
+ <procedure xml:id="assign-pwp-to-group">
<title>To Assign a Password Policy to a Group</title>
<step>
- <para>Create a virtual attribute to set the
+ <para>Create a subentry defining the collective attribute that sets the
<literal>ds-pwp-password-policy-dn</literal> attribute for group
members' entries.</para>
- <screen>$ dsconfig -p 4444 -h `hostname` -D "cn=Directory Manager" -w password
- create-virtual-attribute --name "Dir Admin Password Policy"
- --type user-defined --set attribute-type:ds-pwp-password-policy-dn
- --set value:"cn=Root Password Policy,cn=Password Policies,cn=config"
- --set group-dn:"cn=Directory Administrators,ou=Groups,dc=example,dc=com"
- --set enabled:true -X -n</screen>
+ <screen>$ cat pwp-coll.ldif
+dn: cn=Password Policy for Dir Admins,dc=example,dc=com
+objectClass: collectiveAttributeSubentry
+objectClass: extensibleObject
+objectClass: subentry
+objectClass: top
+cn: Password Policy for Dir Admins
+ds-pwp-password-policy-dn;collective: cn=Root Password Policy,cn=Pass
+ word Policies,cn=config
+subtreeSpecification: { base "ou=People", specificationFilter "(isMemberOf=
+ cn=Directory Administrators,ou=Groups,dc=example,dc=com)"}
+
+$ ldapmodify -p 1389 -D "cn=Directory Manager" -w password -a -f pwp-coll.ldif
+Processing ADD request for cn=Password Policy for Dir Admins,dc=example,dc=com
+ADD operation successful for DN cn=Password Policy for Dir
+ Admins,dc=example,dc=com</screen>
</step>
<step>
<para>Check your work.</para>
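Review bot: The step's `<para>` says the collective attribute is set "for group members' entries", but the `subtreeSpecification` in `pwp-coll.ldif` combines `base "ou=People"` with the `isMemberOf` filter, so only members of Directory Administrators whose entries sit under ou=People receive `ds-pwp-password-policy-dn`; members stored elsewhere are not covered by this subentry. I would add a sentence to the step such as `The subtree specification restricts the policy to group members under ou=People; adjust the base if administrators are stored elsewhere.` Separately, the `ldapmodify` example binds as cn=Directory Manager with `-w password` on port 1389, which looks like the plain LDAP port. A short remark that real deployments should read the password from a file (`--bindPasswordFile`) and use StartTLS or LDAPS would keep readers from copying a cleartext administrator bind. The procedure continues past the end of the hunk, so the rest of the "Check your work" step is not visible here.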
--
Gitblit v1.10.0