We encourage you to set Password Policies as high up in the tree as you can, to simplify administration.
A policy is not in effect until you assign it to one or more objects. You can assign a password policy to the following objects:
We recommend that you create a default Password Policy for all users in the tree, which you do by creating a policy and assigning it to the Login Policy object. The Login Policy object is located in the Security container just below the root of the tree.
If you assign a policy to a container that is the root of a partition, the policy assignment is inherited by all users in that partition, including users in subcontainers. To determine whether a container is a partition root, browse for the container and note whether a partition icon displayed beside it, like the following example:
If you assign a policy to a container that is not the root of a partition, the policy assignment is inherited only by users held in that specific container. It is not inherited by users that are held in subcontainers. If you want the policy to apply to all users below a container that is not a partition root, you must assign the policy to each subcontainer individually.
NOTE: Special Password Policies are automatically created for Driver Set objects.
Only one policy is effective for a user at a time. Novell Modular Authentication Services (NMAS) determines which policy is effective for a user by looking for policies in this order, and applying the first one it finds.