5.5.1 Change Password Configuration has been edited by Emmanuel Lécharny (Nov 19, 2008).

Work in progress

This site is in the process of being reviewed and updated.

Before

Previously, Change Password protocol configuration existed in a PropertiesFactoryBean, along with JNDI environment properties.

<bean id="environment" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
  <property name="properties">
    <props>
      <prop key="java.naming.security.authentication">simple</prop>
      <prop key="java.naming.security.principal">uid=admin,ou=system</prop>
      <prop key="java.naming.security.credentials">secret</prop>
      <prop key="changepw.entryBaseDn">ou=users,dc=example,dc=com</prop>
      <prop key="changepw.java.naming.security.credentials">secret</prop>
    </props>
  </property>
</bean>

After

Along with the addition of numerous SASL configuration parameters to the LDAP protocol, all Change Password configuration has moved to a ChangePasswordConfiguration bean.

<bean id="changePasswordConfiguration" class="org.apache.directory.server.changepw.ChangePasswordConfiguration">
  <!-- Whether to enable the Change Password protocol. -->
  <property name="enabled" value="true" />
  <!-- The port to run the Change Password protocol on. -->
  <property name="ipPort" value="464" />
</bean>

The ChangePasswordConfiguration bean is subordinate to the MutableServerStartupConfiguration.

<bean id="configuration" class="org.apache.directory.server.configuration.MutableServerStartupConfiguration">
  ...
  <property name="changePasswordConfiguration" ref="changePasswordConfiguration" />
  ...
</bean>

Common Service Configuration Parameters

| Parameter | Default value | Description |
|---|---|---|
| enabled | false | Whether this service is enabled. |
| ipPort | 464 | The IP port for this service. |
| ipAddress | No default. | The IP address for this service. |
| searchBaseDn | "ou=users,dc=example,dc=com" | The single location where principals are stored. If this property is not set the store will search the system partition configuration for catalog entries. Catalog support is highly experimental and is only tested in the OSGi build of ApacheDS using the Config Admin service. |
| initialContextFactory | "org.apache.directory.server.core.jndi.CoreContextFactory" | The JNDI initial context factory to use. |
| securityAuthentication | "simple" | The authentication mechanism to use for establishing a JNDI context. |
| securityPrincipal | "uid=admin,ou=system" | The principal to use for establishing a JNDI context. |
| securityCredentials | "secret" | The credentials to use for establishing a JNDI context. |
| serviceName | Apache Change Password Service | The friendly name of this service. |
| servicePid | org.apache.changepw | The PID for this service. A PID is a unique identifier for an instance of a service. PIDs are used by OSGi's Config Admin service to dynamically inject configuration into a service when the service is started. |
| catalogBaseDn | No default. | The single location where catalog entries are stored. A catalog entry is a mapping of a realm (or zone for DNS) to a search base DN. If this property is not set the store will expect a single search base DN to be set. Catalog support is highly experimental and is only tested in the OSGi build of ApacheDS using the Config Admin service. |

Change Password-Specific Configuration Parameters

| Parameter | Default value | Description |
|---|---|---|
| encryptionTypes | des-cbc-md5 | The encryption types. |
| primaryRealm | EXAMPLE.COM | The primary realm. |
| servicePrincipal | kadmin/changepw@EXAMPLE.COM | The service principal name. |
| allowableClockSkew | 5 minutes | The allowable clock skew. |
| emptyAddressesAllowed | true | Whether tickets issued with empty Host Addresses are allowed. |
| policyPasswordLength | 6 characters | The policy for minimum password length. |
| policyCategoryCount | 3 (out of 4) | The policy for number of character categories required (A - Z), (a - z), (0 - 9), non-alphanumeric (!, $, #, %, ... ). |
| policyTokenSize | 3 characters | The policy for minimum token size. Passwords must not contain tokens larger than 'policyTokenSize' that occur in the user's principal name. |
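
The three policy parameters above combine into a single acceptance check. The following is an added example, not ApacheDS code, that evaluates a candidate password against the documented defaults. The names ChangePwPolicy, principal_tokens and violations are hypothetical, and two points are assumptions: principal names are tokenized on non-alphanumeric characters, and a token counts once it is at least policyTokenSize characters long, compared case-insensitively.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ChangePwPolicy:
    # Defaults taken from the Change Password-specific parameter table.
    password_length: int = 6   # policyPasswordLength
    category_count: int = 3    # policyCategoryCount (out of 4)
    token_size: int = 3        # policyTokenSize


# The four character categories named in the policyCategoryCount description.
CATEGORIES = (
    re.compile(r"[A-Z]"),
    re.compile(r"[a-z]"),
    re.compile(r"[0-9]"),
    re.compile(r"[^A-Za-z0-9]"),
)


def principal_tokens(principal, min_size):
    # Assumption: tokens are the alphanumeric runs of the principal name
    # (split on '/', '@', '.', ...); only runs of min_size or more count.
    parts = re.split(r"[^A-Za-z0-9]+", principal)
    return [p.lower() for p in parts if len(p) >= min_size]


def violations(password, principal, policy=ChangePwPolicy()):
    """Return the names of the policy parameters the password violates."""
    failed = []
    if len(password) < policy.password_length:
        failed.append("policyPasswordLength")
    if sum(1 for c in CATEGORIES if c.search(password)) < policy.category_count:
        failed.append("policyCategoryCount")
    lowered = password.lower()
    if any(t in lowered for t in principal_tokens(principal, policy.token_size)):
        failed.append("policyTokenSize")
    return failed


if __name__ == "__main__":
    # Constructed sample principal and candidate passwords.
    for pw in ("s3cret", "Hnelson#1", "EXAMPLE.com1", "Tr1cky!pass"):
        print(pw, violations(pw, "hnelson@EXAMPLE.COM"))
```

An empty list means the candidate satisfies all three rules; passing a stricter ChangePwPolicy shows how raising the defaults changes the outcome.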

More Information

For help with more advanced configurations, check out our Interoperability Guide.
