Posted to commits@directory.apache.org by bu...@apache.org on 2013/04/16 12:10:47 UTC

svn commit: r858647 - in /websites/staging/directory/trunk/content: ./ apacheds/advanced-ug/4.3-password-policy.html

Author: buildbot
Date: Tue Apr 16 10:10:47 2013
New Revision: 858647

Log:
Staging update by buildbot for directory

Modified:
    websites/staging/directory/trunk/content/   (props changed)
    websites/staging/directory/trunk/content/apacheds/advanced-ug/4.3-password-policy.html

Propchange: websites/staging/directory/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Tue Apr 16 10:10:47 2013
@@ -1 +1 @@
-1468139
+1468346

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.3-password-policy.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.3-password-policy.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.3-password-policy.html Tue Apr 16 10:10:47 2013
@@ -313,6 +313,25 @@ ads-pwdSafeModify: FALSE
 <p><DIV class="warning" markdown="1">
 All the configured delays are stored in seconds. As a rule of thumb, a day is 86400 seconds, a week is 604800 seconds and a month can be 2419200 seconds or 2505600 seconds (february normal and leap years), 2592000 seconds (april, june, september, november) and 2678400 (january, march, may, july, august, october and december)
 </DIV></p>
+<p>In the draft, it is said that the passwordPolicy can apply to one user or to many. It's also suggested that some <em>Administrative Area</em> could be used for that purpose : the users present in such an area will be constrained but the associated <em>PasswordPolicy</em>. At the moment, <strong>ApacheDS</strong> does not implement such a mechanism, and will rely on either the global configuration, stored in the <em>ou=config</em> partition, or we can define a specific <em>Password Policy</em> for a user. In this case, we will store in each user the reference to the <em>Password Policy</em> to use into the <em>pwdPolicySubentry</em> attribute (it contains a reference -a <strong>DN</strong> - to an entry storing the specific configuration).</p>
+<p>This specific configuration is stored into an entry having the <em>pwdPolicy</em> Auxiliary ObjectClass, which description is :</p>
+<div class="codehilite"><pre>( 1.3.6.1.4.1.42.2.27.8.2.1
+     NAME &#39;pwdPolicy&#39;
+     SUP top
+     AUXILIARY
+     MUST ( pwdAttribute )
+     MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $
+     pwdMinLength $ pwdMaxLength $ pwdExpireWarning $
+     pwdGraceAuthNLimit $ pwdGraceExpiry $ pwdLockout $
+     pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $
+     pwdMustChange $ pwdAllowUserChange $ pwdSafeModify $
+     pwdMinDelay $ pwdMaxDelay $ pwdMaxIdle ) )
+</pre></div>
+
+
+<p><DIV class="warning" markdown="1">
+Note that the specification allows the administrator to apply the password policy on any attribute, with a default value of <em>userPassword</em> ApacheDS does not yet allow the use of another Attribute.
+</DIV></p>
 <h4 id="enablingdisabling-the-passwordpolicy">Enabling/Disabling the PasswordPolicy</h4>
 <p>The <em>PasswordPolicy</em> is enabled by default. It's possible to disable it by setting the <em>ads-enabled</em> value to FALSE, with a server restart.</p>
 <h2 id="password-protection">Password protection</h2>
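Review bot: The first added paragraph does not say which policy applies when a user entry carries pwdPolicySubentry and the global configuration in ou=config is also present. The sentence switches from "ApacheDS does not implement such a mechanism, and will rely on either the global configuration" to "or we can define a specific Password Policy for a user" without stating precedence, so please spell that out. In the same paragraph, "will be constrained but the associated PasswordPolicy" should read "by the associated PasswordPolicy". The schema block lists the draft's pwd* attribute names, while the hunk context shows the configuration using the ads- prefix (ads-pwdSafeModify: FALSE); one sentence relating the two naming schemes would avoid confusion. Since the reference is stored in each user entry, it would also help to document who is expected to be able to modify pwdPolicySubentry. In the added warning, a full stop is missing after userPassword, so the default value and the ApacheDS limitation run together into one sentence.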