PolicyOverrideObject DN
The Policy Override Object DN field is an attribute that can point to a particular
sssServerPolicyOverride object. This attribute enables Novell® SecretStore®
to provide customized security for specific users located in various places
in the eDirectoryTM tree.
sssServerPolicyOverride objects override default settings found in the sssServerPolicies (SecretStore) object. These override objects can be children of sssServerPolicies, Organization, Organizational Unit, Country, Locality, or domain objects.
As a rule, set the high-security policies (for example, biometrics plus passwords) as defaults on the SecretStore object in the Security container. Set lower-priority policies on sssServerPolicyOverride objects, found in the SecretStore container.
If the single sign-on client can't find the SecretStore server that supports override objects, the client searches for any server that supports the default settings, found in the SecretStore object.
To provide override policies:
For example, enter SSS -O 2002specs.develop.digitalairlines.
A SecretStore server must support the override object. The -O 2002specs.develop.digitalairlines flag specifies the distinguished name of the sssServerPolicyOverride object. You load this flag so that users have access to customized settings in the override object.
When users use an override object, all the user's workstation requests go to that server. This feature provides load balancing.
To set this attribute:
Scenario. Ming and Claire are in the develop.digitalairlines context. Markus and Rie are in the design.digitalairlines context. You want all four users to have security options provided in the sssServerPolicyOverride object named 2002SPECS. You select Ming's User object, then browse to and select 2002SSPECS. You repeat this process for Claire, Markus, and Rie. You load a server with the command line information so that these four users have access to the customized settings in 2002SPECS.
A trademark symbol (®, TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark. For information, see Legal Notices.