> dn: cn=default,ou=policies,dc=example,dc=com
> cn: default
> objectClass: pwdPolicy
-> objectClass: person
+> objectClass: namedPolicy
> objectClass: top
> pwdAllowUserChange: TRUE
> pwdAttribute: userPassword
> pwdMinLength: 5
> pwdMustChange: FALSE
> pwdSafeModify: FALSE
-> sn: dummy value
You can create additional policy objects as needed.
+The namedPolicy object class is present because the policy entry
+requires a structural object class.
There are two ways password policy can be applied to individual objects:
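Review bot: The sentence added after the LDIF example says the entry requires a structural object class but not why, and it does not say which schema defines namedPolicy. Suggest stating here, as the man page change does, that pwdPolicy is not itself structural, and noting that namedPolicy requires cn, which the example already supplies. That also explains why "objectClass: person" and its "sn: dummy value" could be removed together.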
pwdMinDelay $ pwdMaxDelay $ pwdMaxIdle ) )
.RE
+The
+.B pwdPolicy
+class is not structural, and so entries using it require another,
+structural, object class. The
+.B namedPolicy
+object class is a good choice.
+.B namedPolicy
+requires a
+.B cn
+attribute, suitable as the policy entry's rDN.
+
This implementation also provides an additional
.B pwdPolicyChecker
objectclass, used for password quality checking (see below).
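Review bot: In the last added sentence, "rDN" should be written "RDN" to match the usual abbreviation for relative distinguished name. "is a good choice" also gives no reason; consider saying that namedPolicy is structural and needs only cn, so it adds no unrelated required attributes to the policy entry. The bare "+" blank line at the end of the new paragraph would be clearer as an explicit paragraph macro in man source, if that is what the rest of the page uses.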