Directory Server 6.0 implements a new password policy. For details on configuration of the new password policy, see Chapter 7, Directory Server Password Policy, in Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide. The attributes that define the password policy are stored in the entry cn=Password Policy,cn=config. Note that in Directory Server 5.1, password policy attributes were located directly under cn=config.
Directory Server 6.0 introduces the new pwdPolicy object class. The attributes of this object class replace the old password policy attributes. For a description of these new attributes see the pwdPolicy(5dsoc) man page.
By default, the new password policy is backward compatible with the old password policy. However, because backward compatibility is not guaranteed indefinitely, you should migrate to the new password policy as soon as is convenient for your deployment. For information about password policy compatibility, see Password Policy Compatibility.
The following table provides a mapping of the new password policy attributes whose values must be migrated from the legacy attributes.
Table 3–3 Mapping Between 5 and 6.0 Password Policy Attributes

| Legacy Directory Server Attribute | Directory Server 6.0 Attribute |
|---|---|
| - (password policy is applied to the userPassword attribute only.) | pwdAttribute |
| passwordMinAge | pwdMinAge |
| passwordMaxAge | pwdMaxAge |
| passwordInHistory | pwdInHistory |
| passwordSyntax | pwdCheckQuality |
| passwordMinLength | pwdMinLength |
| passwordWarning | pwdExpireWarning |
| - | pwdGraceLoginLimit |
| passwordMustChange | pwdMustChange |
| passwordChange | pwdAllowUserChange |
| - | pwdSafeModify |
| passwordExp | - |
| passwordStorageScheme | - |
| passwordExpireWithoutWarning | - |
| passwordLockout | pwdLockout |
| passwordLockoutDuration | pwdLockoutDuration |
| passwordMaxFailure | pwdMaxFailure |
| passwordResetFailureCount | pwdFailureCountInterval |
| passwordUnlock | - |