Configuring A Global Password Policy Using The Command-Line; Table 7-1 Password Policy Attributes - Netscape DIRECTORY SERVER 6.2 - ADMINISTRATOR Administrator's Manual

Create the local password policy for the subtree or user.
2.
a.
b.
c.
d.
e.

Configuring a Global Password Policy Using the Command-Line

This section describes the attributes you set to create a password policy for your
entire server. Use
entry.
Table 7-1 describes the attributes you can use to configure your password policy.
Password Policy Attributes
Table 7-1
Attribute Name
passwordGraceLimit
In the Directory Server Console, select the Directory tab.
In the navigation pane, select the subtree or user entry for which you
want to set up the password policy.
From the Object menu, select the Manage Password Policy option and then
select the "For user" or "For subtree."
Depending on your selection, the User Password Policy or Subtree
Password Policy window appears.
In the Passwords tab, select the "Create subtree/user level password
policy" checkbox to add the required attributes, fill in the appropriate
values, and click Save.
In the Account Lockout tab, specify the appropriate information and
click Save.
ldapmodify
Definition
This attribute (introduced in Directory Server 6.2) indicates the number
of grace logins permitted when a user's password is expired. When set
to a positive number, the user will be allowed to bind with the expired
password for that many times.
For the global password policy, the attribute is defined under
cn=config.
By default, this attribute is set to 0, which means grace logins are not
permitted.
to change these attributes in the
Chapter 7
Managing the Password Policy
cn=config
User Account Management 269