From fa343b639471c64b1dc671e5fb037e33bb46abbc Mon Sep 17 00:00:00 2001 From: =?utf8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= Date: Mon, 12 Apr 2021 15:36:42 +0100 Subject: [PATCH] ITS#9200 Document other ppolicy changes --- doc/guide/admin/appendix-upgrading.sdf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/doc/guide/admin/appendix-upgrading.sdf b/doc/guide/admin/appendix-upgrading.sdf index 17acef33d0..32c921f293 100644 --- a/doc/guide/admin/appendix-upgrading.sdf +++ b/doc/guide/admin/appendix-upgrading.sdf @@ -14,6 +14,12 @@ H2: {{B:cn=config}} olc* attributes H2: ppolicy overlay +The overlay now implements version 10 of the ppolicy draft in full. This includes the notion of a password +administrator where applicable (as determined by having a {{manage}} permission to the {{userPassword}} attribute) +and skips certain processing when there is no valid policy in effect or where the operation is initiated by +a password administrator. Many attributes are now tagged with {{NO-USER-MODIFICATION}} in the schema, requiring +the use of {{relax}} control to modify them. + In OpenLDAP 2.4 the {{slapo-ppolicy}}(5) overlay relied on a separate schema file to be included for it to function. This schema is now implemented internally in the slapo-ppolicy module. When upgrading {{slapd.conf}}(5) deployments the include statement for the schema must be removed. For {{slapd-config}}(5) deployments, the config database -- 2.47.3