You can assign a password policy to users in eDirectory by assigning the policy to the whole tree (using the Login Policy object), specific partitions or containers, or specific users. We encourage you to set password policies as high up in the tree as you can, to simplify administration.
A policy is not in effect until you assign it to one or more objects. You can assign a password policy to the following objects:
Login Policy object
We recommend that you create a default password policy for all users in the tree, which you do by creating a policy and assigning it to the Login Policy object. The Login Policy object is located in the Security container just below the root of the tree.
A container that is a partition root
If you assign a policy to a container that is the root of a partition, the policy assignment is inherited by all users in that partition, including users in subcontainers. To determine whether a container is a partition root, browse for the container and note whether a partition icon is displayed beside it.
A container that is not a partition root
If you assign a policy to a container that is not the root of a partition, the policy assignment is inherited only by users held in that specific container. It is not inherited by users that are held in subcontainers. If you want the policy to apply to all users below a container that is not a partition root, you must assign the policy to each subcontainer individually.
A specific user
Only one policy is effective for a user at a time. Novell Modular Authentication Services (NMAS) determines which policy is effective for a user by looking for policies in the following order and applying the first one it finds.
Specific user assignment: If a password policy has been assigned specifically to the user, that policy is applied.
Container: If the user has no specific assignment, NMAS applies the policy that is assigned to the container which holds the user.
Partition root container: If no policy is assigned to the user or to the container directly above the user, the policy assigned to the partition root container is applied.
Login Policy object: If no policy is assigned to the user or other containers, the policy assigned to the Login Policy object is applied. It is the default policy for all users in the tree.
The following figure shows an example of the property page where you specify which object password policy is assigned to: