Table of Contents
Advertisement
Designing a Password Policy
For a user (for example,
following changes are required:
•
Add a container entry (
various password policy related entries for the user and its children. For
example:
•
Add a password policy specification entry (
the password policy attributes that are specific to the user. For example:
•
Assign the value of the above entry DN to the
of the target entry. For example:
You can make these changes either from the Directory Server Console or by using
the
ns-newpwpolicy.pl
Command, and File Reference lists the command-line syntax for the script. The Red
Hat Directory Server Administrator's Guide includes procedures for accomplishing
these tasks. Once these entries are added to the directory, they help determine the
type (global or local) of the password policy Directory Server should enforce.
When a user attempts to bind to the directory, Directory Server determines
whether a local policy has been defined and enabled for the user's entry.
•
To determine whether the fine-grained password policy is enabled, the server
checks the value (
attribute of the
policies defined at the subtree and user levels and enforces the global
password policy.
166
Red Hat Directory Server Deployment Guide • May 2005
uid=jdoe, ou=people, dc=example, dc=com
nsPwPolicyContainer
dn: cn=nsPwPolicyContainer, ou=people, dc=example, dc=com
objectClass: top
objectClass: nsContainer
cn: nsPwPolicyContainer
dn: cn="cn=nsPwPolicyEntry, uid=jdoe, ou=people, dc=example,
dc=com", cn=nsPwPolicyContainer, ou=people, dc=example,
dc=com
objectclass: top
objectclass: ldapsubentry
objectclass: passwordpolicy
dn: uid=jdoe, ou=people, dc=example, dc=com
changetype: modify
replace: pwdpolicysubentry
pwdpolicysubentry: "cn=nsPwPolicyEntry, uid=jdoe, ou=people,
dc=example, dc=com", cn=nsPwPolicyContainer, ou=people,
dc=example, dc=com
script. The Red Hat Directory Server Configuration,
or
on
off
cn=config
) at the parent level for holding
nsPwPolicyEntry
pwdpolicysubentry
) assigned to the
nsslapd-pwpolicy-local
entry. If the value is
off
), the
) for holding
attribute
, the server ignores the
Advertisement
Table of Contents
Related Manuals for Red Hat DIRECTORY SERVER 7.1 - DEPLOYMENT
Related Products for Red Hat DIRECTORY SERVER 7.1 - DEPLOYMENT
- Red Hat DIRECTORY SERVER 8.1 - 11-01-2010
- Red Hat DIRECTORY SERVER 8.1 - USING RED HAT CONSOLE 4-28-2008
- Red Hat DIRECTORY SERVER 8.1 - USING THE ADMIN SERVER
- Red Hat Linux Virtual Server
- Red Hat LINUX VIRTUAL SERVER - FOR ENTERPRISE LINUX 5.2 REV 05-2008
- Red Hat LINUX VIRTUAL SERVER 4.5 - ADMINISTRATION
- Red Hat LINUX VIRTUAL SERVER 4.6 - ADMINISTRATION
- Red Hat LINUX VIRTUAL SERVER 4.7 - ADMINISTRATION