If I do this, it is applicable to all users.
ldapadd -v -H "ldaps://hostName/" -x -W -D cn=admin,dc=mydomain,dc=com -f pwdMaxAge.ldif
dn: cn=passwordDefault,ou=Policies,dc=mydomain,dc=com
changetype: modify
replace: pwdMaxAge
pwdMaxAge: 3000
Tried the below ldif to set pwdMaxAge for an existing user:
ldapadd -v -H "ldaps://hostName/" -x -W -D cn=admin,dc=mydomain,dc=com -f pwdMaxAge_user.ldif
dn: cn=test2,ou=Users,dc=mydomain,dc=com
objectClass: device
objectClass: pwdPolicy
objectClass: top
pwdAttribute: userPassword
cn: test2
uid: test2
pwdMaxAge: 300
It gives:
ldap_initialize( ldaps://hostName:636/??base )
add objectClass:
device
pwdPolicy
top
add pwdAttribute:
userPassword
add cn:
test2
add pwdMaxAge:
300
adding new entry "cn=test2,ou=Users,dc=mydomain,dc=com"
ldap_add: Object class violation (65)
additional info: attribute 'uid' not allowed
It adds a new CN if i remove UID. but doesn't help setting the pwdMaxAge for the user. how do i set it correctly?
Edit: Started creating individual policies: cat ppolicy_individual.ldif
dn: cn=fin_user,ou=Policies,dc=mydomain,dc=com
objectClass: device
objectClass: pwdPolicy
cn: fin_user
pwdAttribute: userPassword
pwdMaxAge: 300
pwdInHistory: 0
pwdMaxFailure: 0
pwdLockout: FALSE
pwdMinLength: 0
pwdSafeModify: FALSE
cat pwdPolicySubentry.ldif
dn: cn=test2,ou=Users,dc=mydomain,dc=com
changetype: modify
add: pwdPolicySubentry
pwdPolicySubentry: cn=fin_user,ou=Policies,dc=mydomain,dc=com
# ldapmodify -v -H "ldaps://hostName/" -x -W -D cn=admin,dc=mydomain,dc=com -f pwdPolicySubentry.ldif
ldap_initialize( ldaps://hostName:636/??base )
add pwdPolicySubentry:
cn=fin_user,ou=Policies,dc=mydomain,dc=com
modifying entry "uid=test2,ou=Users,dc=mydomain,dc=com"
modify complete
But it doesn't seem to make any difference.