directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r858159 - in /websites/staging/directory/trunk/content: ./ apacheds/advanced-ug/
Date Thu, 11 Apr 2013 22:06:34 GMT
Author: buildbot
Date: Thu Apr 11 22:06:34 2013
New Revision: 858159

Log:
Staging update by buildbot for directory

Added:
    websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2-authorization.html
    websites/staging/directory/trunk/content/apacheds/advanced-ug/4.3-password-policy.html
Modified:
    websites/staging/directory/trunk/content/   (props changed)
    websites/staging/directory/trunk/content/apacheds/advanced-ug/4-authentication-and-authorization.html
    websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.6-sasl-ntlm-authn.html

Propchange: websites/staging/directory/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Thu Apr 11 22:06:34 2013
@@ -1 +1 @@
-1466856
+1467113

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4-authentication-and-authorization.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4-authentication-and-authorization.html
(original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4-authentication-and-authorization.html
Thu Apr 11 22:06:34 2013
@@ -194,6 +194,7 @@
 <li><a href="4.2.11-links-and-references.html">4.2.11 - Links and References</a></li>
 </ul>
 </li>
+<li><a href="4.3-password-policy.html">4.3 Password Policy</a></li>
 </ul>
 
 

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.6-sasl-ntlm-authn.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.6-sasl-ntlm-authn.html
(original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.6-sasl-ntlm-authn.html
Thu Apr 11 22:06:34 2013
@@ -130,7 +130,7 @@
         </div>
         <div class="nav_next">
         
-            <a href="4.1.3-kerberos-authn.htlm">4.1.3 - Kerberos authentication</a>
+            <a href="4.1.3-kerberos-authn.html">4.1.3 - Kerberos authentication</a>
 		
         </div>
         <div class="clearfix"></div>
@@ -169,7 +169,7 @@
         </div>
         <div class="nav_next">
         
-            <a href="4.1.3-kerberos-authn.htlm">4.1.3 - Kerberos authentication</a>
+            <a href="4.1.3-kerberos-authn.html">4.1.3 - Kerberos authentication</a>
 		
         </div>
         <div class="clearfix"></div>

Added: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2-authorization.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2-authorization.html (added)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2-authorization.html Thu
Apr 11 22:06:34 2013
@@ -0,0 +1,242 @@
+<!DOCTYPE html>
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+<html>
+	<head>
+		<title>4.2 - Authorization &mdash; Apache Directory</title>
+		
+        <link href="./../../css/common.css" rel="stylesheet" type="text/css">
+    	<link href="./../../css/green.css" rel="stylesheet" type="text/css">
+    
+        
+        <link rel="shortcut icon" href="./../../images/server-icon_16x16.png">
+    
+        <!-- Google Analytics -->
+        <script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
+        <script type="text/javascript">
+            _uacct = "UA-1358462-1";
+            urchinTracker();
+        </script>
+	</head>
+	<body>
+	    <div id="container">
+            <div id="header">
+                <div id="subProjectsNavBar">
+                    <a href="./../../">
+                        
+                        Apache Directory Project
+                        
+                    </a>
+                    &nbsp;|&nbsp;
+                    <a href="./../../apacheds">
+                        
+                        <STRONG>ApacheDS</STRONG>
+                        
+                    </a>
+                    &nbsp;|&nbsp;
+                    <a href="./../../studio">
+                        
+                        Apache Directory Studio
+                        
+                    </a>
+                    &nbsp;|&nbsp;
+                    <a href="./../../api">
+                        
+                        Apache LDAP API
+                        
+                    </a>
+                </div><!-- subProjectsNavBar -->
+            </div><!-- header -->
+            <div id="content">
+                <div id="leftColumn">
+                    
+<div id="navigation">
+    
+    <h5>ApacheDS 2.0</h5>
+    <ul>
+        <li><a href="./../../apacheds/">Home</a></li>
+        <li><a href="./../../apacheds/features.html">Features</a></li>
+    </ul>
+    <h5>Downloads</h5>
+    <ul>
+        <li><a href="./../../apacheds/downloads.html">ApacheDS 2.0.0-M11</a>&nbsp;&nbsp;<img
src="./../../images/new_badge.gif" alt="" style="margin-bottom:-3px;" border="0"></li>
+        <li><a href="./../../apacheds/download-old-versions.html">Older versions</a></li>
+    </ul>
+    <h5>Documentation</h5>
+    <ul>
+        <li><a href="./../../apacheds/basic-user-guide.html">Basic User Guide
</a></li>
+        <li><a href="./../../apacheds/advanced-user-guide.html">Advanced User
Guide</a></li>
+        <li><a href="./../../apacheds/developer-guide.html">Developer Guide</a></li>
+        <li><a href="./../../apacheds/kerberos-user-guide.html">Kerberos User
Guide</a></li>
+        <li><a href="./../../apacheds/configuration/ads-2.0-configuration.html">Configuration</a></li>
+            <!--li><a href="./../../apacheds/gen-docs/latest">Generated Reports
(e.g. JavaDocs)</a></li-->
+    </ul>
+    
+    
+    <h5>Support</h5>
+    <ul>
+        <li><a href="./../../mailing-lists-and-irc.html">Mailing Lists &amp;
IRC</a></li>
+        <li><a href="./../../sources.html">Sources</a></li>
+        <li><a href="./../../issue-tracking.html">Issue Tracking</a></li>
+        <li><a href="./../../commercial-support.html">Commercial Support</a></li>
+    </ul>
+    <h5>Community</h5>
+    <ul>
+        <li><a href="./../../contribute.html">How to Contribute</a></li>
+        <li><a href="./../../team.html">Team</a></li>
+        <li><a href="./../../original-project-proposal.html">Original Project
Proposal</a></li>
+        <li><a href="./../../special-thanks.html" class="external-link" rel="nofollow">Special
Thanks</a></li>
+    </ul>
+    <h5>About Apache</h5>
+    <ul>
+        <li><a href="http://www.apache.org/">Apache</a></li>
+        <li><a href="http://www.apache.org/licenses/">License</a></li>
+        <li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
+        <li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
+        <li><a href="http://www.apache.org/security/">Security</a></li>
+    </ul>
+    <a href="http://acna13.eventbrite.com/?ref=ecount"><img src="http://holdenweb.com/static/images/BannerSquareSmall.png"
width="168" height="140"></a>
+    
+</div><!-- navigation -->
+
+                </div><!-- leftColumn -->
+                <div id="rightColumn">
+
+
+    <div class="nav">
+        <div class="nav_prev">
+        
+            <a href="4.1-authentication.html">4 - Authentication &amp; Authorization</a>
+		
+        </div>
+        <div class="nav_up">
+        
+            <a href="4-authentication-and-authorization.html"></a>
+		
+        </div>
+        <div class="nav_next">
+        
+            <a href="4.3-password-policy.html">4.3 Password Policy</a>
+		
+        </div>
+        <div class="clearfix"></div>
+    </div>
+
+
+<h1 id="42-authorization">4.2 - Authorization</h1>
+<p>ApacheDS uses an adaptation of the X.500 basic access control scheme in
+combination with X.500 subentries to control access to entries and
+attributes within the DIT. This document will show you how to enable the
+basic access control mechanism and how to define access control information
+to manage access to protected resources.</p>
+<h2 id="chapter-content">Chapter content</h2>
+<ul>
+<li><a href="4.5.1-introduction.html">4.5.1 - Introduction</a></li>
+<li><a href="4.5.2-definitions.html">4.5.2 - Definitions</a></li>
+<li><a href="4.5.3-enabling-access-control.html">4.5.3 - Enabling access control</a></li>
+<li><a href="4.5.4-aci-types.html">4.5.4 - Aci Types</a></li>
+<li><a href="4.5.5-aci-elements.html">4.5.5 - Aci Elements</a></li>
+<li><a href="4.5.6-the-acdf-engine.html">4.5.6 - The Acdf Engine</a></li>
+<li><a href="4.5.7-using-acis-trail.html">4.5.7 - Using Acis Trail</a></li>
+<li><a href="4.5.8-acis-administration.html">4.5.8 - Acis Administration</a></li>
+<li><a href="4.5.9-migration-from-other-ldap-servers.html">4.5.9 - Migration
from other Ldap Servers</a></li>
+<li><a href="4.5.10-aci-grammar.html">4.5.10 - Aci Grammar</a></li>
+<li><a href="4.5.11-links-and-references.html">4.5.11 - Links and References</a></li>
+</ul>
+<h2 id="some-simple-examples">Some Simple Examples</h2>
+<p>The ACIItem syntax is very expressive and that makes it extremely powerful
+for specifying complex access control policies. However the syntax is not
+very easy to grasp for beginners. For this reason we start with simple
+examples that focus on different protection mechanisms offered by the
+ACIItem syntax. We do this instead of specifying the grammar which is not
+the best way to learn a language.</p>
+<p><DIV class="warning" markdown="1">
+<B>Before you go any further...</B>
+Please don't go any further until you have read up on the use of
+Subentries. Knowledge of subentries, subtreeSpecifications, administrative
+areas, and administrative roles are required to properly digest the
+following material.
+</DIV></p>
+<p>Before going on to these trails you might want to set up an Administrative
+Area for managing access control via prescriptiveACI.  Both subentryACI and
+prescriptiveACI require the presence of an Administrative Point entry.  For
+more information and code examples see <a href="acareas.html">ACAreas</a>. </p>
+<h3 id="aci-trails">ACI Trails</h3>
+<p>Here are some trails that resemble simple HOWTO guides.  They're ordered
+with the most pragmatic usage first.  We will add to these trails over
+time.</p>
+<table>
+<thead>
+<tr>
+<th>Trail</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td><a href="enablesearchforallusers.html">EnableSearchForAllUsers</a></td>
+<td>Enabling access to browse and read all entries and their attributes by authenticated
users.</td>
+</tr>
+<tr>
+<td>DenySubentryAccess (TBW)</td>
+<td>Protecting access to subentries themselves.</td>
+</tr>
+<tr>
+<td><a href="allowselfpasswordmodify.html">AllowSelfPasswordModify</a></td>
+<td>Granting users the rights needed to change their own passwords.</td>
+</tr>
+<tr>
+<td>GrantAddDelModToGroup (TBW)</td>
+<td>Granting add, delete, and modify permissions to a group of users.</td>
+</tr>
+<tr>
+<td>GrantModToEntry (TBW)</td>
+<td>Applying ACI to a single entry.</td>
+</tr>
+</tbody>
+</table>
+
+
+    <div class="nav">
+        <div class="nav_prev">
+        
+            <a href="4.1-authentication.html">4 - Authentication &amp; Authorization</a>
+		
+        </div>
+        <div class="nav_up">
+        
+            <a href="4-authentication-and-authorization.html"></a>
+		
+        </div>
+        <div class="nav_next">
+        
+            <a href="4.3-password-policy.html">4.3 Password Policy</a>
+		
+        </div>
+        <div class="clearfix"></div>
+    </div>
+
+
+                </div><!-- rightColumn -->
+                <div id="endContent"></div>
+            </div><!-- content -->
+            <div id="footer">&copy; 2003-2012, <a href="http://www.apache.org">The
Apache Software Foundation</a> - <a href="./../../privacy-policy.html">Privacy
Policy</a><br />
+                Apache Directory, ApacheDS, Apache Directory Server, Apache Directory Studio,
Apache LDAP API, Apache Triplesec, Triplesec, Apache, the Apache feather logo, and the Apache
Directory project logos are trademarks of The Apache Software Foundation.
+            </div>
+        </div><!-- container -->
+    </body>
+</html>
\ No newline at end of file

Added: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.3-password-policy.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.3-password-policy.html
(added)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.3-password-policy.html
Thu Apr 11 22:06:34 2013
@@ -0,0 +1,326 @@
+<!DOCTYPE html>
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+<html>
+	<head>
+		<title>4.3. Password Policy &mdash; Apache Directory</title>
+		
+        <link href="./../../css/common.css" rel="stylesheet" type="text/css">
+    	<link href="./../../css/green.css" rel="stylesheet" type="text/css">
+    
+        
+        <link rel="shortcut icon" href="./../../images/server-icon_16x16.png">
+    
+        <!-- Google Analytics -->
+        <script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
+        <script type="text/javascript">
+            _uacct = "UA-1358462-1";
+            urchinTracker();
+        </script>
+	</head>
+	<body>
+	    <div id="container">
+            <div id="header">
+                <div id="subProjectsNavBar">
+                    <a href="./../../">
+                        
+                        Apache Directory Project
+                        
+                    </a>
+                    &nbsp;|&nbsp;
+                    <a href="./../../apacheds">
+                        
+                        <STRONG>ApacheDS</STRONG>
+                        
+                    </a>
+                    &nbsp;|&nbsp;
+                    <a href="./../../studio">
+                        
+                        Apache Directory Studio
+                        
+                    </a>
+                    &nbsp;|&nbsp;
+                    <a href="./../../api">
+                        
+                        Apache LDAP API
+                        
+                    </a>
+                </div><!-- subProjectsNavBar -->
+            </div><!-- header -->
+            <div id="content">
+                <div id="leftColumn">
+                    
+<div id="navigation">
+    
+    <h5>ApacheDS 2.0</h5>
+    <ul>
+        <li><a href="./../../apacheds/">Home</a></li>
+        <li><a href="./../../apacheds/features.html">Features</a></li>
+    </ul>
+    <h5>Downloads</h5>
+    <ul>
+        <li><a href="./../../apacheds/downloads.html">ApacheDS 2.0.0-M11</a>&nbsp;&nbsp;<img
src="./../../images/new_badge.gif" alt="" style="margin-bottom:-3px;" border="0"></li>
+        <li><a href="./../../apacheds/download-old-versions.html">Older versions</a></li>
+    </ul>
+    <h5>Documentation</h5>
+    <ul>
+        <li><a href="./../../apacheds/basic-user-guide.html">Basic User Guide
</a></li>
+        <li><a href="./../../apacheds/advanced-user-guide.html">Advanced User
Guide</a></li>
+        <li><a href="./../../apacheds/developer-guide.html">Developer Guide</a></li>
+        <li><a href="./../../apacheds/kerberos-user-guide.html">Kerberos User
Guide</a></li>
+        <li><a href="./../../apacheds/configuration/ads-2.0-configuration.html">Configuration</a></li>
+            <!--li><a href="./../../apacheds/gen-docs/latest">Generated Reports
(e.g. JavaDocs)</a></li-->
+    </ul>
+    
+    
+    <h5>Support</h5>
+    <ul>
+        <li><a href="./../../mailing-lists-and-irc.html">Mailing Lists &amp;
IRC</a></li>
+        <li><a href="./../../sources.html">Sources</a></li>
+        <li><a href="./../../issue-tracking.html">Issue Tracking</a></li>
+        <li><a href="./../../commercial-support.html">Commercial Support</a></li>
+    </ul>
+    <h5>Community</h5>
+    <ul>
+        <li><a href="./../../contribute.html">How to Contribute</a></li>
+        <li><a href="./../../team.html">Team</a></li>
+        <li><a href="./../../original-project-proposal.html">Original Project
Proposal</a></li>
+        <li><a href="./../../special-thanks.html" class="external-link" rel="nofollow">Special
Thanks</a></li>
+    </ul>
+    <h5>About Apache</h5>
+    <ul>
+        <li><a href="http://www.apache.org/">Apache</a></li>
+        <li><a href="http://www.apache.org/licenses/">License</a></li>
+        <li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
+        <li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
+        <li><a href="http://www.apache.org/security/">Security</a></li>
+    </ul>
+    <a href="http://acna13.eventbrite.com/?ref=ecount"><img src="http://holdenweb.com/static/images/BannerSquareSmall.png"
width="168" height="140"></a>
+    
+</div><!-- navigation -->
+
+                </div><!-- leftColumn -->
+                <div id="rightColumn">
+
+
+    <div class="nav">
+        <div class="nav_prev">
+        
+            <a href="4.2-authorization.html"></a>
+		
+        </div>
+        <div class="nav_up">
+        
+			&nbsp;
+        
+        </div>
+        <div class="nav_next">
+        
+			&nbsp;
+        
+        </div>
+        <div class="clearfix"></div>
+    </div>
+
+
+<p>NavPrevText:4.2 - Authorization
+NavUp: 4-authentication-and-authorization.html
+NavPrevText: 4 - Authentication &amp; Authorization
+NavNext: 5-administration.html
+NavNextTest: 5 - Administration
+Notice: Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+    .
+    http://www.apache.org/licenses/LICENSE-2.0
+    .
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.</p>
+<h1 id="43-password-policy">4.3. Password Policy</h1>
+<p>The <strong>Password Policy</strong> is a <strong>RFC</strong>
draft that has been designed for the very first version in 1999, and the latest version is
from 2009. Although it's still a draft, and it's currently noted as inactive, it has been
implemented by many existing <strong>LDAP</strong> servers.</p>
+<p><strong>ApacheDS</strong> implements the draft fully.</p>
+<h2 id="what-is-a-password-policy">What is a password policy ?</h2>
+<p>As explained on <a href="http://en.wikipedia.org/wiki/Password_policy">wikipedia</a>
:</p>
+<div class="codehilite"><pre>A password policy is a set of rules designed to
enhance computer security by encouraging users to employ strong passwords and use them properly.
+</pre></div>
+
+
+<p>Basically, the system, once activated, will enforce some rules and check the password
strength. We will list the various options in this chapter.</p>
+<h2 id="how-do-we-configure-it">How do we configure it ?</h2>
+<p>The <em>PasswordPolicy</em> can be configured in two ways. First of
all, it's important to know that it's activated by default. let's see the default configuration
first.</p>
+<p>There is an entry contianing all the default values for the <em>PasswordPolicy</em>,
under :</p>
+<div class="codehilite"><pre><span class="o">*</span> <span class="n">ou</span><span
class="o">=</span><span class="n">config</span>
+    <span class="o">*</span> <span class="n">ads</span><span class="o">-</span><span
class="n">directoryServiceId</span><span class="o">=</span><span class="sr">&lt;default&gt;</span>
+        <span class="o">*</span> <span class="n">ou</span><span
class="o">=</span><span class="n">interceptors</span>
+            <span class="o">*</span> <span class="n">ads</span><span
class="o">-</span><span class="n">interceptorId</span><span class="o">=</span><span
class="n">authenticationInterceptor</span>
+                <span class="o">*</span> <span class="n">ou</span><span
class="o">=</span><span class="n">passwordPolicies</span>
+</pre></div>
+
+
+<p>This entry contains the following values :</p>
+<div class="codehilite"><pre>dn: ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationIn
+ terceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
+objectclass: top
+objectclass: ads-base
+objectclass: ads-passwordPolicy
+ads-pwdattribute: userPassword
+ads-pwdid: default
+ads-enabled: TRUE
+ads-pwdallowuserchange: TRUE
+ads-pwdcheckquality: 1
+ads-pwdexpirewarning: 600
+ads-pwdfailurecountinterval: 30
+ads-pwdgraceauthnlimit: 5
+ads-pwdgraceexpire: 0
+ads-pwdinhistory: 5
+ads-pwdlockout: TRUE
+ads-pwdlockoutduration: 0
+ads-pwdmaxage: 0
+ads-pwdmaxdelay: 0
+ads-pwdmaxfailure: 5
+ads-pwdmaxidle: 0
+ads-pwdmaxlength: 0
+ads-pwdminage: 0
+ads-pwdmindelay: 0
+ads-pwdminlength: 5
+ads-pwdmustchange: FALSE
+ads-pwdsafemodify: FALSE
+</pre></div>
+
+
+<h4 id="disabling-the-passwordpolicy">Disabling the PasswordPolicy</h4>
+<p>The <em>PasswordPolicy</em> is enabled by default. It's possible to
disable it by setting the <em>ads-enabled</em> value to FALSE, with a server restart.</p>
+<h3 id="password-guessing-limit">Password guessing limit</h3>
+<p>The idea is to protect the password against multiple guess attempts. The following
rules are applied :</p>
+<div class="codehilite"><pre><span class="o">*</span> <span class="n">a</span>
<span class="n">counter</span> <span class="n">track</span> <span
class="n">the</span> <span class="n">failed</span> <span class="n">attemps</span><span
class="p">,</span> <span class="ow">and</span> <span class="n">block</span>
<span class="n">when</span> <span class="n">it</span><span class="err">&#39;</span><span
class="n">s</span> <span class="n">reached</span>
+<span class="o">*</span> <span class="n">an</span> <span class="n">incremental</span>
<span class="n">delay</span> <span class="n">is</span> <span class="n">added</span>
<span class="n">after</span> <span class="n">a</span> <span class="n">failure</span>
<span class="n">before</span> <span class="n">a</span> <span class="k">new</span>
<span class="n">attempt</span> <span class="n">can</span> <span
class="n">be</span> <span class="n">done</span>
+<span class="o">*</span> <span class="n">a</span> <span class="n">global</span>
<span class="n">delay</span> <span class="k">for</span> <span class="n">all</span>
<span class="n">the</span> <span class="n">failed</span> <span
class="n">attempt</span> <span class="n">is</span> <span class="n">used</span><span
class="p">,</span> <span class="n">when</span> <span class="n">reached</span><span
class="p">,</span> <span class="n">the</span> <span class="n">account</span>
<span class="n">is</span> <span class="n">blocked</span>
+</pre></div>
+
+
+<p>When the account is locked, it can remain locked, or be unlocked after a grace period.</p>
+<h4 id="attempts-counter">Attempts counter ()</h4>
+<p><DIV class="warn" markdown="1">
+Attributes : ads-pwdLockout, ads-pwdmaxfailure
+</DIV></p>
+<p>Each failed attempt will be logged in the entry, in the <em>pwdFailureTime</em>
Attribute (it will contain the date of the attempt). When the Attribute contains more values
than the maximum number of failed attempts, the entry will be locked (the <em>pwdAccountLockedTime</em>
Attribute will contain the date the entry has been locked).</p>
+<p><DIV class="warn" markdown="1">
+In order to activate this control the ads-pwdLockout parameter must be set to TRUE.
+</DIV></p>
+<p>The following table expose the various possible cases, with three failed attempts
: </p>
+<table>
+<thead>
+<tr>
+<th><em>ads-pwdmaxfailure</em></th>
+<th><em>pwdLockout</em></th>
+<th><em>pwdFailureTime</em></th>
+<th><em>pwdAccountLockedTime</em></th>
+<th>Locked</th>
+<th>Comment</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>3</td>
+<td>true</td>
+<td>date1</td>
+<td>-</td>
+<td>No</td>
+<td>Failure 1</td>
+</tr>
+<tr>
+<td></td>
+<td></td>
+<td>date1, date2</td>
+<td>-</td>
+<td>No</td>
+<td>Failure 2</td>
+</tr>
+<tr>
+<td></td>
+<td></td>
+<td>date1, date2, date3</td>
+<td>date3</td>
+<td>Yes</td>
+<td>Failure 3 : account locked</td>
+</tr>
+<tr>
+<td>3</td>
+<td>false</td>
+<td>date1</td>
+<td>-</td>
+<td>No</td>
+<td>Failure 1</td>
+</tr>
+<tr>
+<td></td>
+<td></td>
+<td>date1, date2</td>
+<td>-</td>
+<td>No</td>
+<td>Failure 2</td>
+</tr>
+<tr>
+<td></td>
+<td></td>
+<td>date1, date2, date3</td>
+<td>-</td>
+<td>No</td>
+<td>Failure 3</td>
+</tr>
+</tbody>
+</table>
+<p>As we can see, the account is locked only when we reach the number of failure, and
the <em>pwdLockout</em> flag is TRUE.</p>
+
+
+    <div class="nav">
+        <div class="nav_prev">
+        
+            <a href="4.2-authorization.html"></a>
+		
+        </div>
+        <div class="nav_up">
+        
+			&nbsp;
+        
+        </div>
+        <div class="nav_next">
+        
+			&nbsp;
+        
+        </div>
+        <div class="clearfix"></div>
+    </div>
+
+
+                </div><!-- rightColumn -->
+                <div id="endContent"></div>
+            </div><!-- content -->
+            <div id="footer">&copy; 2003-2012, <a href="http://www.apache.org">The
Apache Software Foundation</a> - <a href="./../../privacy-policy.html">Privacy
Policy</a><br />
+                Apache Directory, ApacheDS, Apache Directory Server, Apache Directory Studio,
Apache LDAP API, Apache Triplesec, Triplesec, Apache, the Apache feather logo, and the Apache
Directory project logos are trademarks of The Apache Software Foundation.
+            </div>
+        </div><!-- container -->
+    </body>
+</html>
\ No newline at end of file



Mime
View raw message