ITS#9200 Document other ppolicy changes

author Ondřej Kuzník <ondra@mistotebe.net>

Mon, 12 Apr 2021 14:36:42 +0000 (15:36 +0100)

committer Quanah Gibson-Mount <quanah@openldap.org>

Mon, 12 Apr 2021 20:01:16 +0000 (20:01 +0000)
author Ondřej Kuzník <ondra@mistotebe.net>
Mon, 12 Apr 2021 14:36:42 +0000 (15:36 +0100)
committer Quanah Gibson-Mount <quanah@openldap.org>
Mon, 12 Apr 2021 20:01:16 +0000 (20:01 +0000)
diff --git a/doc/guide/admin/appendix-upgrading.sdf b/doc/guide/admin/appendix-upgrading.sdf

index 17acef33d0c67f9120b193ee8b0015584fea44b9..32c921f293e94036c96985829eab76885f25c4f6 100644 (file)
--- a/doc/guide/admin/appendix-upgrading.sdf
+++ b/doc/guide/admin/appendix-upgrading.sdf
@@ -14,6 +14,12 @@ H2: {{B:cn=config}} olc* attributes
  
  H2: ppolicy overlay
  
+The overlay now implements version 10 of the ppolicy draft in full. This includes the notion of a password
+administrator where applicable (as determined by having a {{manage}} permission to the {{userPassword}} attribute)
+and skips certain processing when there is no valid policy in effect or where the operation is initiated by
+a password administrator. Many attributes are now tagged with {{NO-USER-MODIFICATION}} in the schema, requiring
+the use of {{relax}} control to modify them.
+
  In OpenLDAP 2.4 the {{slapo-ppolicy}}(5) overlay relied on a separate schema file to be included for it to function.
  This schema is now implemented internally in the slapo-ppolicy module. When upgrading {{slapd.conf}}(5) deployments
  the include statement for the schema must be removed.  For {{slapd-config}}(5) deployments, the config database
author	Ondřej Kuzník <ondra@mistotebe.net>
	Mon, 12 Apr 2021 14:36:42 +0000 (15:36 +0100)
committer	Quanah Gibson-Mount <quanah@openldap.org>
	Mon, 12 Apr 2021 20:01:16 +0000 (20:01 +0000)