Configuring Password Policies by Using Oracle Directory Services Manager

You can use ODSM to manage password policies, as described in the following sections.

List the Configured Password Policy Subentries

You can display all password policy subentries that are configured in the server by using ODSM, as follows:

Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Security tab.
Expand the Password Policy Subentry element.

The DNs of all password policy subentries are listed.
To display the details of a password policy subentry, select its DN.

The password policy subentry properties are displayed in the right hand pane.
To modify any aspect of the password policy subentry, change the required value and click Apply.

For a description of all possible properties, and their values, see the Oracle Unified Directory Configuration Reference.

Create a Password Policy Subentry

You can create a new password policy subentry by using ODSM, as follows:

Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Security tab.
Expand the Password Policy Subentry element.
Click the Add icon.

The password policy subentry properties are displayed in the right hand pane.
On the Create new password policy subentry screen, complete the required fields.

For a description of all possible properties, and their values, see the Oracle Unified Directory Configuration Reference.
When you have completed configuring the password policy subentry, click Create.

Create a Password Policy Subentry Based on an Existing Password Policy Subentry

You can create a new password policy subentry that is based on an existing password policy subentry by using ODSM, as follows:

Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Security tab.
Expand the Password Policy Subentry element.
Select the password policy subentry on which you want to base the new subentry.
Click the Add like icon.

The properties of the original password policy subentry are displayed in the right hand pane.
Modify the required values.

For a description of all possible properties, and their values, see the Oracle Unified Directory Configuration Reference.
When you have completed configuring the new password policy subentry, click Create.

Delete a Password Policy Subentry

You can delete a password policy subentry by using ODSM, as follows:

Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Security tab.
Expand the Password Policy Subentry element.
Select the password policy subentry that you want to deleted.
Click the Delete icon.

You are prompted to confirm the deletion. Click OK.

Display the Configured Password Policies

You can display the list of password policies by using ODSM, as follows:

Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Security tab.
Expand the Password Policy element.

The list of configured password policies is displayed.
Select a password policy to display its properties in the right hand pane.

For a description of all possible properties, and their values, see the Oracle Unified Directory Configuration Reference.

Modify a Password Policy

You can modify a configured password policy by using ODSM, as follows:

Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Security tab.
Expand the Password Policy element.

The list of configured password policies is displayed.
Select the password policy whose properties you want to modify.

For a description of all possible properties, and their values, see the Oracle Unified Directory Configuration Reference.

Create a Password Policy

You can create a new password policy by using ODSM, as follows:

Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Security tab.
Expand the Password Policy element.
Click the Add icon.
On the Create New Password Policy screen, configure the required properties.

For a description of all possible properties, and their values, see the Oracle Unified Directory Configuration Reference.
When you have configured the new password policy, click Create.

Create a Password Policy Based on an Existing Password Policy

You can create a new password policy that is based on an existing password policy by using ODSM, as follows:

Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Security tab.
Expand the Password Policy element.
Select the password policy on which you want to base the new policy.
Click the Add like icon.
On the Create New Password Policy screen, modify the properties to create the new policy.

For a description of all possible properties, and their values, see the Oracle Unified Directory Configuration Reference.
When you have configured the new password policy, click Create.

Delete a Password Policy

You can delete a password policy by using ODSM, as follows:

Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Security tab.
Expand the Password Policy element.
Select the password policy that you want to delete.
Click the Delete icon.
Click OK to confirm the deletion.

Display the Supported Password Validators

A password validator is a component of the password policy that determines whether a proposed password is acceptable for use. Oracle Unified Directory provides the following password validators:

Similarity-Based Password Validator. Used to reject a password if it is too similar to the user's current password.
Dictionary. Used to reject a password if it is a word that can be found in a dictionary.
Character Set. Used to reject a password if the value does not contain characters from an acceptable range of character sets.
Attribute Value. Used to reject a password if the value exists in any of the attributes contained in the user's entry.
Unique Characters. Use to reject a password if it does not contain enough unique characters.
Repeated Characters. Used to reject a password if it contains a string of too many repeated characters.
Length-Based Password Validator. Used to reject a password if it is too long or too short.

You can use ODSM to display the list of password validators, as follows:

Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Security tab.
Expand the Password Validators element.
The list of password validators is displayed.

Enable or Disable a Password Validator

You can use ODSM to enable or disable a password validator, as follows:

Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Security tab.
Expand the Password Validators element.
Select the password validator that you want to enable or disable.
In the right hand pane, check or uncheck the Enabled box, as required.
Click Apply to save your changes.

Display the Supported Password Storage Schemes

A password storage scheme provides a mechanism for encoding user passwords for storage in the server. In most cases, the password is encoded in a manner that prevents users from determining what the clear-text password is, while still allowing the server to determine whether the user-supplied password is correct. Oracle Unified Directory supports a number of password storage schemes. For more information, see password storage scheme in Oracle Fusion Middleware Glossary for Oracle Unified Directory.

You can use ODSM to display the list of password storage schemes, as follows:

Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Security tab.
Expand the Password Storage element.
The list of password storage schemes is displayed.

Enable or Disable a Password Storage Scheme

You can use ODSM to enable or disable a password storage scheme, as follows:

Connect to the directory server from ODSM, as described in Connecting to the Server From Oracle Directory Services Manager.
Select the Security tab.
Expand the Password Storage element.
Select the password storage scheme that you want to enable or disable.
In the right hand pane, check or uncheck the Enabled box, as required.
Click Apply to save your changes.

Skip Navigation Links
Exit Print View
	Oracle Fusion Middleware Administration Guide for Oracle Unified Directory 11g Release 1 (11.1.1)