Oracle Directory Server Enterprise Edition Administration Guide 11g Release 1 (11.1.1.5.0)
Directory Server allows you to configure password policy to force the lockout of accounts after a specified number of failed bind attempts. See Policy for Account Lockout for details. This section covers manual account locking and activation tools that the Directory Manager can use.
The Directory Manager can manage account lockout without using the lockout duration timer. The locked account remains locked until the account is explicitly activated. The Directory Manager can also render certain accounts inactive for an indefinite period of time.
This section shows how to check account status, render accounts inactive, and reactivate accounts.
Check account status as shown here.
Note - You must bind as the Directory Manager.
You cannot use DSCC to perform this task. Use the command line, as described in this procedure.
The following command checks Barbara Jensen's account status:
$ dsutil account-status -p port-number -w pwd.txt \
 uid=bjensen,ou=people,dc=example,dc=com
uid=bjensen,ou=people,dc=example,dc=com activated.
See the dsutil(1M) man page for details.
Render an account or a role inactive as shown here.
Note - You must bind as the Directory Manager.
You cannot use DSCC to perform this task. Use the command line, as described in this procedure.
The following command renders Barbara Jensen's account inactive:
$ dsutil account-inactivate -p port-number -w pwd.txt \
 uid=bjensen,ou=people,dc=example,dc=com
uid=bjensen,ou=people,dc=example,dc=com inactivated.
$
See the dsutil(1M) man page for details.
Unlock an account or a role as shown here.
Note - You must bind as the Directory Manager.
You cannot use DSCC to perform this task. Use the command line, as described in this procedure.
The following command renders Barbara Jensen's account active again:
$ dsutil account-activate -p port-number -w pwd.txt \
 uid=bjensen,ou=people,dc=example,dc=com
uid=bjensen,ou=people,dc=example,dc=com activated.
See the dsutil(1M) man page for details.
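The following script is an added example, not part of the Oracle guide: it runs the account-status check shown above over a list of accounts that are supposed to be inactive (for example, after offboarding) and reports any that are not confirmed inactive. It assumes dsutil prints exactly the "DN activated." or "DN inactivated." lines shown on this page; the function names, the DSUTIL, DS_PORT and DS_PWFILE variables, and the default port 389 are assumptions of this example.

```shell
#!/bin/sh
# Added example: confirm that accounts expected to be inactive really are.
# Assumption: dsutil prints "<DN> activated." or "<DN> inactivated." as in
# the sample output on this page; any other output is reported as "unknown".

DSUTIL=${DSUTIL:-dsutil}          # command to run (hypothetical override hook)
DS_PORT=${DS_PORT:-389}           # assumed default; use your instance's port
DS_PWFILE=${DS_PWFILE:-pwd.txt}   # Directory Manager password file, as on this page

# classify_status DN OUTPUT
# Prints activated, inactivated or unknown. The whole line must match,
# including the DN, so output for a different entry is never accepted.
classify_status() {
    case "$2" in
        "$1 activated.")   echo activated ;;
        "$1 inactivated.") echo inactivated ;;
        *)                 echo unknown ;;
    esac
}

# audit_inactive FILE
# FILE holds one DN per line; blank lines and lines starting with # are skipped.
# Prints "state<TAB>DN" for each entry and returns 1 if any entry is not
# confirmed inactive (still activated, or status could not be determined).
audit_inactive() {
    rc=0
    while IFS= read -r dn || [ -n "$dn" ]; do
        case "$dn" in ''|'#'*) continue ;; esac
        # stdin is redirected so the command cannot consume the DN list
        out=$("$DSUTIL" account-status -p "$DS_PORT" -w "$DS_PWFILE" "$dn" \
              2>/dev/null </dev/null) || out=''
        state=$(classify_status "$dn" "$out")
        printf '%s\t%s\n' "$state" "$dn"
        [ "$state" = inactivated ] || rc=1
    done < "$1"
    return $rc
}
```

Call `audit_inactive dns.txt` while bound as the Directory Manager; a nonzero return means at least one listed account needs attention.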