directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject svn commit: r1468346 - /directory/site/trunk/content/apacheds/advanced-ug/4.3-password-policy.mdtext
Date Tue, 16 Apr 2013 10:10:38 GMT
Author: elecharny
Date: Tue Apr 16 10:10:38 2013
New Revision: 1468346

Added some content


Modified: directory/site/trunk/content/apacheds/advanced-ug/4.3-password-policy.mdtext
--- directory/site/trunk/content/apacheds/advanced-ug/4.3-password-policy.mdtext (original)
+++ directory/site/trunk/content/apacheds/advanced-ug/4.3-password-policy.mdtext Tue Apr 16
10:10:38 2013
@@ -128,6 +128,28 @@ Here is the entry in LDIF format:
 All the configured delays are stored in seconds. As a rule of thumb, a day is 86400 seconds,
a week is 604800 seconds and a month can be 2419200 seconds or 2505600 seconds (february normal
and leap years), 2592000 seconds (april, june, september, november) and 2678400 (january,
march, may, july, august, october and december)
+In the draft, it is said that the passwordPolicy can apply to one user or to many. It's also
suggested that some _Administrative Area_ could be used for that purpose : the users present
in such an area will be constrained but the associated _PasswordPolicy_. At the moment, **ApacheDS**
does not implement such a mechanism, and will rely on either the global configuration, stored
in the _ou=config_ partition, or we can define a specific _Password Policy_ for a user. In
this case, we will store in each user the reference to the _Password Policy_ to use into the
_pwdPolicySubentry_ attribute (it contains a reference -a **DN** - to an entry storing the
specific configuration).
+This specific configuration is stored into an entry having the _pwdPolicy_ Auxiliary ObjectClass,
which description is :
+	:::Text
+	(
+         NAME 'pwdPolicy'
+         SUP top
+         AUXILIARY
+         MUST ( pwdAttribute )
+         MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $
+         pwdMinLength $ pwdMaxLength $ pwdExpireWarning $
+         pwdGraceAuthNLimit $ pwdGraceExpiry $ pwdLockout $
+         pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $
+         pwdMustChange $ pwdAllowUserChange $ pwdSafeModify $
+         pwdMinDelay $ pwdMaxDelay $ pwdMaxIdle ) )
+<DIV class="warning" markdown="1">
+Note that the specification allows the administrator to apply the password policy on any
attribute, with a default value of _userPassword_ ApacheDS does not yet allow the use of another
 #### Enabling/Disabling the PasswordPolicy
 The _PasswordPolicy_ is enabled by default. It's possible to disable it by setting the _ads-enabled_
value to FALSE, with a server restart.

View raw message