Netscape DIRECTORY SERVER 6.2 - DEPLOYMENT Deployment Manual page 146

Designing a Password Policy
cosTemplateDn: cn="cn=nsPwTemplateEntry, ou=people,
dc=example, dc=com", cn=nsPwPolicyContainer, ou=people,
dc=example, dc=com
cosAttribute: pwdpolicysubentry default operational-default
For a user (for example,
following changes are required:
• Add a container entry (
holding various password policy related entries for the user and its
children. For example:
dn: cn=nsPwPolicyContainer, ou=people, dc=example, dc=com
objectClass: top
objectClass: nsContainer
cn: nsPwPolicyContainer
• Add a password policy specification entry (
the password policy attributes that are specific to the user. For example:
dn: cn="cn=nsPwPolicyEntry, uid=jdoe, ou=people, dc=example,
dc=com", cn=nsPwPolicyContainer, ou=people, dc=example, dc=com
objectclass: top
objectclass: ldapsubentry
objectclass: passwordpolicy
• Assign the value of the above entry DN to the
of the target entry. For example:
dn: uid=jdoe, ou=people, dc=example, dc=com
changetype: modify
replace: pwdpolicysubentry
pwdpolicysubentry: "cn=nsPwPolicyEntry, uid=jdoe, ou=people,
dc=example, dc=com", cn=nsPwPolicyContainer, ou=people,
dc=example, dc=com
You can make these changes either from the Directory Server Console or by
using the
Configuration, Command, and File Reference lists the command-line syntax for the
script. The Netscape Directory Server Administrator's Guide includes procedures
for accomplishing these tasks. Once these entries are added to the directory,
they help determine the type (global or local) of the password policy Directory
Server should enforce.
146 Netscape Directory Server Deployment Guide • December 2003
uid=jdoe, ou=people, dc=example, dc=com
nsPwPolicyContainer
ns-newpwpolicy.pl
) at the parent level for
nsPwPolicyEntry
pwdpolicysubentry
script. The Netscape Directory Server
), the
) for holding
attribute