Sun Java System Directory Server Enterprise Edition 6.1 Evaluation Guide

New Password Policy

Directory Server Enterprise Edition implements a new password policy that provides the following new features:

In addition, the new password policy provides two new controls, passwordPolicyRequest and passwordPolicyResponse. These controls enable LDAP clients to obtain the account status information on LDAP add, delete, modrdn, compare, and search operations. The following information is available, using the OID in the search:

Managing the Password Policy Using the DSCC

The DSCC provides a tab for managing the password policies. You can use this tab to add new policies, assign a policy to Directory Server users, delete password policies, and change the password policy compatibility mode. The following figure illustrates this tab.

Password Policy tab of the DSCC.

When you define a new password policy, you use the New Password Policy wizard. It allows you to specify password change settings, expiration settings, and content settings. It also allows you to specify account lockout settings. The following figure illustrates step 2 of the New Password Policy wizard.

New Password Policy wizard in the DSCC.

Migrating to the New Password Policy

For migration purposes, the new password policy maintains compatibility with previous Directory Server versions by identifying a compatibility mode. The compatibility mode determines whether password policy attributes are handled as old attributes or new attributes, where old refers to any Directory Server 5 password policy attributes.

See New Password Policy in Sun Java System Directory Server Enterprise Edition 6.1 Migration Guide for details on migrating to the new password policy.