Oracle Fusion Middleware Evaluation Guide for Oracle Directory Server Enterprise Edition

Directory Server Enterprise Edition Password Policy

Directory Server Enterprise Edition password policy provides the following features:

In addition, the password policy provides two controls, passwordPolicyRequest and passwordPolicyResponse. These controls enable LDAP clients to obtain the account status information on LDAP add, delete, modrdn, compare, and search operations. The following information is available, using the OID in the search:

Managing the Password Policy Using the DSCC

The DSCC provides a tab for managing the password policies. You can use this tab to add new policies, assign a policy to Directory Server users, delete password policies, and change the password policy compatibility mode. The following figure illustrates this tab.

Password Policy tab of the DSCC.

When you define a new password policy, you use the New Password Policy wizard. It allows you to specify password change settings, expiration settings, and content settings. It also allows you to specify account lockout settings. The following figure illustrates step 2 of the New Password Policy wizard.

New Password Policy wizard in the DSCC.

Migrating to the New Password Policy

For migration purposes, the new password policy maintains compatibility with previous Directory Server versions by identifying a compatibility mode. The compatibility mode determines whether password policy attributes are handled as old attributes or new attributes, where old refers to any Directory Server 5.2 or 5.2.x password policy attributes.

See Password Policy in Oracle Fusion Middleware Upgrade and Migration Guide for Oracle Directory Server Enterprise Edition for details on migrating to the new password policy.