|Skip Navigation Links|
|Exit Print View|
|Oracle Directory Server Enterprise Edition Man Page Reference 11g Release 1 (220.127.116.11.0)|
- Password Policy objectclass
( 18.104.22.168.22.214.171.124.126.96.36.199 NAME 'pwdPolicy' DESC 'Password Policy objectclass' SUP top AUXILIARY MUST ( pwdAttribute ) MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $ pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout $ pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $ pwdMustChange $ pwdAllowUserChange $ pwdSafeModify) X-DS-USE 'internal' X-ORIGIN 'Password Policy for LDAP Directories Internet Draft' )
Contains the attributes defining a password policy in effect for a set of users. A password policy is defined for a particular subtree of the DIT by adding to an LDAP subentry whose immediate superior is the root of the subtree, the pwdPolicy auxiliary object class. The scope of the password policy is defined by the SubtreeSpecification attribute of the LDAP subentry as specified in RFC 3672.
Each object that is controlled by password policy advertises the subentry that is being used to control its policy in its pwdPolicySubentry attribute. Clients wishing to examine or manage password policy for an object may interrogate the pwdPolicySubentry for that object in order to arrive at the proper pwdPolicy subentry.
This object class is defined by Password Policy Internet-Draft.
Auxiliary object class
Entries of this object class require the following attribute types in addition to those inherited from the superior(s):
Entries of this object class may have the following optional attribute types in addition to those inherited from the superior(s):
pwdAllowUserChange(5dsat), pwdCheckQuality(5dsat), pwdExpireWarning(5dsat), pwdFailureCountInterval(5dsat), pwdGraceAuthNLimit(5dsat), pwdInHistory(5dsat), pwdLockout(5dsat), pwdLockoutDuration(5dsat), pwdMaxAge(5dsat), pwdMaxFailure(5dsat), pwdMinAge(5dsat), pwdMinLength(5dsat), pwdMustChange(5dsat), pwdSafeModify(5dsat)
Configuration object specific to this Directory Server instance, not replicated.
See attributes(5) for descriptions of the following attributes: