directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject svn commit: r858647 - in /websites/staging/directory/trunk/content: ./ apacheds/advanced-ug/4.3-password-policy.html
Date Tue, 16 Apr 2013 10:10:47 GMT
Author: buildbot
Date: Tue Apr 16 10:10:47 2013
New Revision: 858647

Staging update by buildbot for directory

    websites/staging/directory/trunk/content/   (props changed)

Propchange: websites/staging/directory/trunk/content/
--- cms:source-revision (original)
+++ cms:source-revision Tue Apr 16 10:10:47 2013
@@ -1 +1 @@

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.3-password-policy.html
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.3-password-policy.html
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.3-password-policy.html
Tue Apr 16 10:10:47 2013
@@ -313,6 +313,25 @@ ads-pwdSafeModify: FALSE
 <p><DIV class="warning" markdown="1">
 All the configured delays are stored in seconds. As a rule of thumb, a day is 86400 seconds,
a week is 604800 seconds and a month can be 2419200 seconds or 2505600 seconds (february normal
and leap years), 2592000 seconds (april, june, september, november) and 2678400 (january,
march, may, july, august, october and december)
+<p>In the draft, it is said that the passwordPolicy can apply to one user or to many.
It's also suggested that some <em>Administrative Area</em> could be used for that
purpose : the users present in such an area will be constrained but the associated <em>PasswordPolicy</em>.
At the moment, <strong>ApacheDS</strong> does not implement such a mechanism,
and will rely on either the global configuration, stored in the <em>ou=config</em>
partition, or we can define a specific <em>Password Policy</em> for a user. In
this case, we will store in each user the reference to the <em>Password Policy</em>
to use into the <em>pwdPolicySubentry</em> attribute (it contains a reference
-a <strong>DN</strong> - to an entry storing the specific configuration).</p>
+<p>This specific configuration is stored into an entry having the <em>pwdPolicy</em>
Auxiliary ObjectClass, which description is :</p>
+<div class="codehilite"><pre>(
+     NAME &#39;pwdPolicy&#39;
+     SUP top
+     MUST ( pwdAttribute )
+     MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $
+     pwdMinLength $ pwdMaxLength $ pwdExpireWarning $
+     pwdGraceAuthNLimit $ pwdGraceExpiry $ pwdLockout $
+     pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $
+     pwdMustChange $ pwdAllowUserChange $ pwdSafeModify $
+     pwdMinDelay $ pwdMaxDelay $ pwdMaxIdle ) )
+<p><DIV class="warning" markdown="1">
+Note that the specification allows the administrator to apply the password policy on any
attribute, with a default value of <em>userPassword</em> ApacheDS does not yet
allow the use of another Attribute.
 <h4 id="enablingdisabling-the-passwordpolicy">Enabling/Disabling the PasswordPolicy</h4>
 <p>The <em>PasswordPolicy</em> is enabled by default. It's possible to
disable it by setting the <em>ads-enabled</em> value to FALSE, with a server restart.</p>
 <h2 id="password-protection">Password protection</h2>

View raw message