Posted to commits@directory.apache.org by el...@apache.org on 2010/10/12 18:20:00 UTC

svn commit: r1021828 - /directory/apacheds-manuals/trunk/src/basic-user-guide/chapter-configuring-apacheds.xml

Author: elecharny
Date: Tue Oct 12 16:20:00 2010
New Revision: 1021828

URL: http://svn.apache.org/viewvc?rev=1021828&view=rev
Log:
Added the pwdPolicy configuration doco

Modified:
    directory/apacheds-manuals/trunk/src/basic-user-guide/chapter-configuring-apacheds.xml

Modified: directory/apacheds-manuals/trunk/src/basic-user-guide/chapter-configuring-apacheds.xml
URL: http://svn.apache.org/viewvc/directory/apacheds-manuals/trunk/src/basic-user-guide/chapter-configuring-apacheds.xml?rev=1021828&r1=1021827&r2=1021828&view=diff
==============================================================================
--- directory/apacheds-manuals/trunk/src/basic-user-guide/chapter-configuring-apacheds.xml (original)
+++ directory/apacheds-manuals/trunk/src/basic-user-guide/chapter-configuring-apacheds.xml Tue Oct 12 16:20:00 2010
@@ -382,6 +382,194 @@
       </section>
       
       <section id="PasswordPolicy configuration" xreflabel="PasswordPolicy configuration">
+        <title>PasswordPolicy configuration</title>
+        <para>The PasswordPolicy is an interceptor used to control the Password format and policy. The
+        configurable parameters are given below.
+        </para>
+        <simplesect>
+        <simplesect>
+          <title>pwdAttribute</title>
+          <para><emphasis role="bold">Name : </emphasis> <emphasis>pwdAttribute</emphasis></para>
+          <para><emphasis role="bold">Type : </emphasis> <emphasis>String or OID</emphasis></para>
+          <para><emphasis role="bold">Default value : </emphasis> <emphasis>userPassword</emphasis></para>
+          <para><emphasis role="bold">Description : </emphasis> <emphasis>The name of the attribute to which the password policy is applied. 
+            Currently only "userPassword" attribute is supported</emphasis></para>
+        </simplesect>
+    
+        <simplesect>
+          <title>pwdLockoutDuration</title>
+          <para><emphasis role="bold">Name : </emphasis> <emphasis>pwdLockoutDuration</emphasis></para>
+          <para><emphasis role="bold">Type : </emphasis> <emphasis>Integer</emphasis></para>
+          <para><emphasis role="bold">Default value : </emphasis> <emphasis>300</emphasis></para>
+          <para><emphasis role="bold">Description : </emphasis> <emphasis>The number of seconds that the password cannot be used to authenticate due to 
+            too many failed bind attempts.
+            Default value is 300 seconds.</emphasis></para>
+        </simplesect>
+
+        <simplesect>
+          <title>pwdMaxFailure</title>
+          <para><emphasis role="bold">Name : </emphasis> <emphasis>pwdMaxFailure</emphasis></para>
+          <para><emphasis role="bold">Type : </emphasis> <emphasis>Integer</emphasis></para>
+          <para><emphasis role="bold">Default value : </emphasis> <emphasis>0</emphasis></para>
+          <para><emphasis role="bold">Description : </emphasis> <emphasis>The number of consecutive failed bind attempts after which the password may not 
+            be used to authenticate.
+            Default value is 0, no limit on the number of authentication failures</emphasis></para>
+        </simplesect>
+
+        <simplesect>
+          <title>pwdFailureCountInterval</title>
+          <para><emphasis role="bold">Name : </emphasis> <emphasis>pwdFailureCountInterval</emphasis></para>
+          <para><emphasis role="bold">Type : </emphasis> <emphasis>Integer</emphasis></para>
+          <para><emphasis role="bold">Default value : </emphasis> <emphasis>0</emphasis></para>
+          <para><emphasis role="bold">Description : </emphasis> <emphasis>The number of seconds after which the password failures are purged from the failure counter.
+            Default value is 0, reset all pwdFailureTimes after a successful authentication.</emphasis></para>
+        </simplesect>
+
+        <simplesect>
+          <title>pwdMustChange</title>
+          <para><emphasis role="bold">Name : </emphasis> <emphasis>pwdMustChange</emphasis></para>
+          <para><emphasis role="bold">Type : </emphasis> <emphasis>Boolean</emphasis></para>
+          <para><emphasis role="bold">Default value : </emphasis> <emphasis>false</emphasis></para>
+          <para><emphasis role="bold">Description : </emphasis> <emphasis>Flag to indicate if the password must be changed by the user after they bind to the 
+            directory after a password is set or reset by a password administrator.
+            Default value is false, no need to change the password by user.</emphasis></para>
+        </simplesect>
+
+        <simplesect>
+          <title>pwdAllowUserChange</title>
+          <para><emphasis role="bold">Name : </emphasis> <emphasis>pwdAllowUserChange</emphasis></para>
+          <para><emphasis role="bold">Type : </emphasis> <emphasis>Boolean</emphasis></para>
+          <para><emphasis role="bold">Default value : </emphasis> <emphasis>true</emphasis></para>
+          <para><emphasis role="bold">Description : </emphasis> <emphasis>Indicates whether users can change their own passwords. Default value is true, allow change.</emphasis></para>
+        </simplesect>
+
+        <simplesect>
+          <title>pwdSafeModify</title>
+          <para><emphasis role="bold">Name : </emphasis> <emphasis>pwdSafeModify</emphasis></para>
+          <para><emphasis role="bold">Type : </emphasis> <emphasis>Boolean</emphasis></para>
+          <para><emphasis role="bold">Default value : </emphasis> <emphasis>false</emphasis></para>
+          <para><emphasis role="bold">Description : </emphasis> <emphasis>Flag to specify whether or not the existing password must be sent along with the
+            new password when being changed.</emphasis></para>
+        </simplesect>
+
+        <simplesect>
+          <title>pwdMinAge</title>
+          <para><emphasis role="bold">Name : </emphasis> <emphasis>pwdMinAge</emphasis></para>
+          <para><emphasis role="bold">Type : </emphasis> <emphasis>Integer</emphasis></para>
+          <para><emphasis role="bold">Default value : </emphasis> <emphasis>0</emphasis></para>
+          <para><emphasis role="bold">Description : </emphasis> <emphasis>Holds the number of seconds that must elapse between modifications to the password.</emphasis></para>
+        </simplesect>
+
+        <simplesect>
+          <title>pwdMaxAge</title>
+          <para><emphasis role="bold">Name : </emphasis> <emphasis>pwdMaxAge</emphasis></para>
+          <para><emphasis role="bold">Type : </emphasis> <emphasis>Integer</emphasis></para>
+          <para><emphasis role="bold">Default value : </emphasis> <emphasis>0</emphasis></para>
+          <para><emphasis role="bold">Description : </emphasis> <emphasis>Holds the number of seconds after which a modified password will expire.
+            Default value is 0, does not expire.  If not 0, the value must be greater than or equal
+            to the value of the pwdMinAge.</emphasis></para>
+        </simplesect>
+
+        <simplesect>
+          <title>pwdMinDelay</title>
+          <para><emphasis role="bold">Name : </emphasis> <emphasis>pwdMinDelay</emphasis></para>
+          <para><emphasis role="bold">Type : </emphasis> <emphasis>Integer</emphasis></para>
+          <para><emphasis role="bold">Default value : </emphasis> <emphasis>0</emphasis></para>
+          <para><emphasis role="bold">Description : </emphasis> <emphasis>The number of seconds to delay responding to the first failed authentication attempt
+            Default value 0, no delay.</emphasis></para>
+        </simplesect>
+
+        <simplesect>
+          <title>pwdMaxDelay</title>
+          <para><emphasis role="bold">Name : </emphasis> <emphasis>pwdMaxDelay</emphasis></para>
+          <para><emphasis role="bold">Type : </emphasis> <emphasis>Integer</emphasis></para>
+          <para><emphasis role="bold">Default value : </emphasis> <emphasis>3</emphasis></para>
+          <para><emphasis role="bold">Description : </emphasis> <emphasis>The maximum number of seconds to delay when responding to a failed authentication attempt.</emphasis></para>
+        </simplesect>
+
+        <simplesect>
+          <title>pwdMaxIdle</title>
+          <para><emphasis role="bold">Name : </emphasis> <emphasis>pwdMaxIdle</emphasis></para>
+          <para><emphasis role="bold">Type : </emphasis> <emphasis>Integer</emphasis></para>
+          <para><emphasis role="bold">Default value : </emphasis> <emphasis>0</emphasis></para>
+          <para><emphasis role="bold">Description : </emphasis> <emphasis>The number of seconds an account may remain unused before it becomes locked
+            Default value is 0, no check for idle time.</emphasis></para>
+        </simplesect>
+
+        <simplesect>
+          <title>pwdGraceExpire</title>
+          <para><emphasis role="bold">Name : </emphasis> <emphasis>pwdGraceExpire</emphasis></para>
+          <para><emphasis role="bold">Type : </emphasis> <emphasis>Integer</emphasis></para>
+          <para><emphasis role="bold">Default value : </emphasis> <emphasis>0</emphasis></para>
+          <para><emphasis role="bold">Description : </emphasis> <emphasis>Specifies the number of seconds the grace authentications are valid
+            Default value is 0, no limit.</emphasis></para>
+        </simplesect>
+
+        <simplesect>
+          <title>pwdMaxLength</title>
+          <para><emphasis role="bold">Name : </emphasis> <emphasis>pwdMaxLength</emphasis></para>
+          <para><emphasis role="bold">Type : </emphasis> <emphasis>Integer</emphasis></para>
+          <para><emphasis role="bold">Default value : </emphasis> <emphasis>0</emphasis></para>
+          <para><emphasis role="bold">Description : </emphasis> <emphasis>This attribute holds the maximum number of characters that may be used in a password.
+            Default value 0, no maximum length enforced</emphasis></para>
+        </simplesect>
+
+        <simplesect>
+          <title>pwdInHistory</title>
+          <para><emphasis role="bold">Name : </emphasis> <emphasis>pwdInHistory</emphasis></para>
+          <para><emphasis role="bold">Type : </emphasis> <emphasis>Integer</emphasis></para>
+          <para><emphasis role="bold">Default value : </emphasis> <emphasis>0</emphasis></para>
+          <para><emphasis role="bold">Description : </emphasis> <emphasis>Specifies the maximum number of used passwords stored in the pwdHistory attribute.
+            Default value is 0, no password history maintained</emphasis></para>
+        </simplesect>
+
+        <simplesect>
+          <title>pwdCheckQuality</title>
+          <para><emphasis role="bold">Name : </emphasis> <emphasis>pwdCheckQuality</emphasis></para>
+          <para><emphasis role="bold">Type : </emphasis> <emphasis>Integer</emphasis></para>
+          <para><emphasis role="bold">Default value : </emphasis> <emphasis>0</emphasis></para>
+          <para><emphasis role="bold">Description : </emphasis> <emphasis>Indicates how the password quality will be verified while being modified or added.
+            Default value 0, do not check</emphasis></para>
+        </simplesect>
+
+        <simplesect>
+          <title>pwdMinLength</title>
+          <para><emphasis role="bold">Name : </emphasis> <emphasis>pwdMinLength</emphasis></para>
+          <para><emphasis role="bold">Type : </emphasis> <emphasis>Integer</emphasis></para>
+          <para><emphasis role="bold">Default value : </emphasis> <emphasis>0</emphasis></para>
+          <para><emphasis role="bold">Description : </emphasis> <emphasis>This attribute holds the minimum number of characters that must be used in a password. 
+            Default value 0, no minimum length enforced</emphasis></para>
+        </simplesect>
+
+        <simplesect>
+          <title>pwdExpireWarning</title>
+          <para><emphasis role="bold">Name : </emphasis> <emphasis>pwdExpireWarning</emphasis></para>
+          <para><emphasis role="bold">Type : </emphasis> <emphasis>Integer</emphasis></para>
+          <para><emphasis role="bold">Default value : </emphasis> <emphasis>0</emphasis></para>
+          <para><emphasis role="bold">Description : </emphasis> <emphasis>The maximum number of seconds before a password is due to expire that expiration warning
+            messages will be returned to an authenticating user.
+            Default value is 0, never send a warning message.</emphasis></para>
+        </simplesect>
+
+        <simplesect>
+          <title>pwdGraceAuthNLimit</title>
+          <para><emphasis role="bold">Name : </emphasis> <emphasis>pwdGraceAuthNLimit</emphasis></para>
+          <para><emphasis role="bold">Type : </emphasis> <emphasis>Integer</emphasis></para>
+          <para><emphasis role="bold">Default value : </emphasis> <emphasis>0</emphasis></para>
+          <para><emphasis role="bold">Description : </emphasis> <emphasis>the number of times an expired password can be used to authenticate.
+            Default value is 0, do not allow a expired password for authentication.</emphasis></para>
+        </simplesect>
+
+        <simplesect>
+          <title>pwdLockout</title>
+          <para><emphasis role="bold">Name : </emphasis> <emphasis>pwdLockout</emphasis></para>
+          <para><emphasis role="bold">Type : </emphasis> <emphasis>Boolean</emphasis></para>
+          <para><emphasis role="bold">Default value : </emphasis> <emphasis>false</emphasis></para>
+          <para><emphasis role="bold">Description : </emphasis> <emphasis>Flag to indicate if the account needs to be locked after a specified number of
+            consecutive failed bind attempts. The maximum number of consecutive
+            failed bind attempts is specified in pwdMaxFailure</emphasis></para>
+        </simplesect>
+        </simplesect>
       </section>
       
       <section id="Partitions configuration" xreflabel="Partitions configuration">
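
Review bot: the two consecutive <simplesect> openers directly after the introductory <para> wrap every parameter entry in an untitled outer <simplesect> (closed by the extra </simplesect> just before </section>). A DocBook simplesect requires a title and cannot contain other sections, so the chapter will not validate; drop the outer pair or turn the entries into a variablelist. On content, the lockout parameters should state their dependency in one place: with the defaults documented here (pwdLockout false, pwdMaxFailure 0) the pwdLockoutDuration of 300 seconds never applies, and a reader skimming that entry could assume lockout is active out of the box. pwdCheckQuality says it "indicates how" quality is verified but documents only the value 0, so the other accepted values and their meaning should be listed. Minor: "a expired password" should read "an expired password" in pwdGraceAuthNLimit, that description starts lowercase, and the pwdMinDelay, pwdMaxIdle and pwdGraceExpire descriptions run into "Default value" without a full stop.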