Information Technology Reference
In-Depth Information
in which case this approach to password policies wouldn't work. It has to be
more fine-grained. We need a reference to the applicable password policy to
be stored at the level of the user node, not a parent node. OpenLDAP is one
of the few directory servers that implement this feature.
Tip 6
: Have a separate sub-tree for “system” objects
The reference to the password policy node in the user nodes above hints at
a separate system sub-tree. Here is where you may want to store password
policies as well as “system accounts” (i.e., directory administrator accounts
as well as user IDs corresponding to applications rather than to human
users). The structure of this part of the tree may look like this:
Fig 40: System objects in the directory structure
