Table of Contents
Advertisement
password policy are stored in the entry cn=Password Policy,cn=config. Note that in
Directory Server 5.1, password policy attributes were located directly under cn=config.
Directory Server 6.0 introduces the new pwdPolicy object class. The attributes of this object
class replace the old password policy attributes. For a description of these new attributes see the
pwdPolicy(5dsoc) man page.
By default, the new password policy is backward compatible with the old password policy.
However, because backward compatibility is not guaranteed indefinitely, you should migrate to
the new password policy as soon as is convenient for your deployment. For information about
password policy compatibility, see
The following table provides a mapping of the new password policy attributes whose values
must be migrated from the legacy attributes.
Mapping Between 5 and 6.0 Password Policy Attributes
TABLE 3–3
Legacy Directory Server Attribute
- (password policy is applied to the userPassword
attribute only.)
passwordMinAge
passwordMaxAge
passwordInHistory
passwordSyntax
passwordMinLength
passwordWarning
-
passwordMustChange
passwordChange
-
passwordExp
passwordStorageScheme
passwordExpireWithoutWarning
passwordLockout
passwordLockoutDuration
passwordMaxFailure
Chapter 3 • Migrating Directory Server Manually
"Password Policy Compatibility" on page
Sun Confidential: Registered
Migrating Configuration Data Manually
Directory Server 6.0 Attribute
pwdAttribute
pwdMinAge
pwdMaxAge
pwdInHistory
pwdCheckQuality
pwdMinLength
pwdExpireWarning
pwdGraceLoginLimit
pwdMustChange
pwdAllowUserChange
pwdSafeModify
-
-
-
pwdLockout
pwdLockoutDuration
pwdMaxFailure
75.
43
Advertisement
Table of Contents
