Red Hat DIRECTORY SERVER 7.1 - ADMINISTRATOR Administrator's Manual page 289

Assign the value of the above entry DN to the
H
attribute of the target entry. For example:
dn: uid=jdoe, ou=people, dc=example, dc=com
changetype: modify
replace: pwdpolicysubentry
pwdpolicysubentry: "cn=nsPwPolicyEntry, uid=jdoe,
ou=people, dc=example, dc=com", cn=nsPwPolicyContainer,
ou=people, dc=example, dc=com
Set the password policy attributes of subtree or user entry with the appropriate
2.
values.
Table 7-1 describes the attributes you can use to configure your password
policy. You may use the
entry.
cn=config
NOTE The
nsslapd-pwpolicy-local
controls the type of password policy the server enforces. By default,
this attribute is disabled (
server only checks for and enforces the global password policy; the
subtree and user level password policies are ignored.
When you run the
specified subtree and user entries and, if they exist, modifies them.
After updating the entries successfully, the script sets the
nsslapd-pwpolicy-local
If you don't want to enable the subtree and user level password
policy, be sure to set
the script.
To turn off user and subtree level password policy checks, set the
nsslapd-pwpolicy-local
example, you can use the
dn: cn=config
changetype: modify
replace: nsslapd-pwpolicy-local: on
nsslapd-pwpolicy-local: off
You can also disable the attribute by modifying it directly in the configuration file
( ). To do this:
dse.ldif
Stop the server.
1.
utility to change these attributes in the
ldapmodify
attribute of the
). When the attribute is disabled, the
off
ns-newpwpolicy.pl
configuration parameter to
nsslapd-pwpolicy-local
attribute to by modifying the
off
command to make these changes:
ldapmodify
Managing the Password Policy
pwdpolicysubentry
cn=config
script, it first checks for the
.
on
to after you run
off
cn=config
Chapter 7 User Account Management
entry
entry. For
289