Overview#Since the password policy could apply to several attributes used to store passwords, each of the above operational attributes must have an option to specify which pwdAttribute it applies to.
The password policy option is defined as the following:
pwd-<passwordAttribute>} where passwordAttribute a string following the OID syntax 220.127.116.11.4.1.1418.104.22.168.38. The attribute type descriptor (short name) MUST be used.
This attribute option follows sub-typing semantics. If a client requests a password policy state attribute to be returned in a search operation, and does not specify an option, all subtypes of that policy state attribute are returned.