Sun Directory Server Enterprise Edition 7.0 Administration Guide

ProcedureTo Assign a Password Policy to an Individual Account

This procedure assigns an existing password policy to a single user account.

Note –

To complete this procedure, you must have a specialized password policy to assign. See To Create a Password Policy.

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

Example data shown here is from Example.ldif unless stated otherwise.

  1. Add the password policy DN to the values of the pwdPolicySubentry attribute of the user entry.

    For example, the following commands assign the password policy that is defined in To Create a Password Policy to David Miller's entry, whose DN is uid=dmiller,ou=people,dc=example,dc=com:

    $ cat pwp.ldif 
    dn: uid=dmiller,ou=people,dc=example,dc=com
    changetype: modify
    add: pwdPolicySubentry
    pwdPolicySubentry: cn=TempPolicy,dc=example,dc=com
    $ ldapmodify -D uid=kvaughan,ou=people,dc=example,dc=com -w - -f pwp.ldif 
    Enter bind password: 
    modifying entry uid=dmiller,ou=people,dc=example,dc=com
    $ ldapsearch -D uid=kvaughan,ou=people,dc=example,dc=com -w - -b dc=example,dc=com \
    "(uid=dmiller)" pwdPolicySubentry
    Enter bind password:
    version: 1
    dn: uid=dmiller, ou=People, dc=example,dc=com
    pwdPolicySubentry: cn=TempPolicy,dc=example,dc=com

    As shown in Example.ldif, kvaughan is a Human Resources manager who has access to modify dc=example,dc=com entries. Vaughan's bind password, as shown in Example.ldif, is bribery.