directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r858647 - in /websites/staging/directory/trunk/content: ./ apacheds/advanced-ug/4.3-password-policy.html
Date Tue, 16 Apr 2013 10:10:47 GMT
Author: buildbot
Date: Tue Apr 16 10:10:47 2013
New Revision: 858647

Log:
Staging update by buildbot for directory

Modified:
    websites/staging/directory/trunk/content/   (props changed)
    websites/staging/directory/trunk/content/apacheds/advanced-ug/4.3-password-policy.html

Propchange: websites/staging/directory/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Tue Apr 16 10:10:47 2013
@@ -1 +1 @@
-1468139
+1468346

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.3-password-policy.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.3-password-policy.html
(original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.3-password-policy.html
Tue Apr 16 10:10:47 2013
@@ -313,6 +313,25 @@ ads-pwdSafeModify: FALSE
 <p><DIV class="warning" markdown="1">
 All the configured delays are stored in seconds. As a rule of thumb, a day is 86400 seconds,
a week is 604800 seconds and a month can be 2419200 seconds or 2505600 seconds (february normal
and leap years), 2592000 seconds (april, june, september, november) and 2678400 (january,
march, may, july, august, october and december)
 </DIV></p>
+<p>In the draft, it is said that the passwordPolicy can apply to one user or to many.
It's also suggested that some <em>Administrative Area</em> could be used for that
purpose : the users present in such an area will be constrained but the associated <em>PasswordPolicy</em>.
At the moment, <strong>ApacheDS</strong> does not implement such a mechanism,
and will rely on either the global configuration, stored in the <em>ou=config</em>
partition, or we can define a specific <em>Password Policy</em> for a user. In
this case, we will store in each user the reference to the <em>Password Policy</em>
to use into the <em>pwdPolicySubentry</em> attribute (it contains a reference
-a <strong>DN</strong> - to an entry storing the specific configuration).</p>
+<p>This specific configuration is stored into an entry having the <em>pwdPolicy</em>
Auxiliary ObjectClass, which description is :</p>
+<div class="codehilite"><pre>( 1.3.6.1.4.1.42.2.27.8.2.1
+     NAME &#39;pwdPolicy&#39;
+     SUP top
+     AUXILIARY
+     MUST ( pwdAttribute )
+     MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $
+     pwdMinLength $ pwdMaxLength $ pwdExpireWarning $
+     pwdGraceAuthNLimit $ pwdGraceExpiry $ pwdLockout $
+     pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $
+     pwdMustChange $ pwdAllowUserChange $ pwdSafeModify $
+     pwdMinDelay $ pwdMaxDelay $ pwdMaxIdle ) )
+</pre></div>
+
+
+<p><DIV class="warning" markdown="1">
+Note that the specification allows the administrator to apply the password policy on any
attribute, with a default value of <em>userPassword</em> ApacheDS does not yet
allow the use of another Attribute.
+</DIV></p>
 <h4 id="enablingdisabling-the-passwordpolicy">Enabling/Disabling the PasswordPolicy</h4>
 <p>The <em>PasswordPolicy</em> is enabled by default. It's possible to
disable it by setting the <em>ads-enabled</em> value to FALSE, with a server restart.</p>
 <h2 id="password-protection">Password protection</h2>



Mime
View raw message