Sun OpenSSO Enterprise 8.0 Administration Guide

Procedure: Example: To Create a Password Policy in Directory Server for Force Password Change After Reset

The following example shows how to configure Directory Server to work with the Force Password Change After Reset attribute. This involves creating a password policy and assigning it to a range of user identities.

This sample password policy forces users to change their password after an administrator reset. (Any password change that is not performed by the user as a self-modify is considered a password reset, meaning that the attribute pwdReset will be TRUE.)

  1. Type the following text in a file called passwdPolicy.ldif.

    Change dc=red,dc=sun,dc=com in the text to the actual root suffix of the deployed Directory Server.

    dn: cn=AMUsersPasswordPolicy,dc=red,dc=sun,dc=com
    objectClass: top
    objectClass: pwdPolicy
    objectClass: LDAPsubentry
    cn: AMUsersPasswordPolicy
    pwdMustChange: TRUE
    pwdAttribute: userPassword

  2. Execute the following command:

    ldapmodify -D"cn=directory manager" -w admin123 -c -a -f passwdPolicy.ldif

    This adds the password policy entry to the Directory Server.

  3. Assign this policy to user identities. For example, enter the following text in a file called AddPwdPolicy.ldif. The pwdPolicySubentry value must be the DN of the policy entry created in step 1, so use the same root suffix here (dc=red,dc=sun,dc=com in this example) as in passwdPolicy.ldif:

    # Root suffix must match the one used in passwdPolicy.ldif
    dn: uid=example_user,ou=people,dc=red,dc=sun,dc=com
    changetype: modify
    add: pwdPolicySubentry
    pwdPolicySubentry: cn=AMUsersPasswordPolicy,dc=red,dc=sun,dc=com

  4. Execute the following command:

    ldapmodify -D"cn=directory manager" -w admin123 -c -a -f AddPwdPolicy.ldif
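The procedure above shows the assignment for a single user, but the point of a policy subentry is to apply it to a range of identities, and the two LDIF files only work together when the pwdPolicySubentry value is exactly the DN of the policy entry that was created. The following script is an added example, not part of the OpenSSO or Directory Server documentation: it generates both LDIF files for a list of uids under a given root suffix and then cross-checks the assignment file against the policy file, so a mismatched suffix (for instance dc=iplanet in one file and dc=sun in the other) is caught before ldapmodify is run. The root suffix, the ou=people container and the uid values are assumptions; replace them with your deployment's values.

```python
"""Generate and cross-check passwdPolicy.ldif and AddPwdPolicy.ldif (added example)."""
from typing import Dict, Iterable, List

ROOT_SUFFIX = "dc=red,dc=sun,dc=com"   # assumption: replace with the deployed root suffix
POLICY_CN = "AMUsersPasswordPolicy"


def norm_dn(dn: str) -> str:
    """Normalise a DN for comparison: lower-case, no whitespace around commas."""
    return ",".join(part.strip() for part in dn.strip().lower().split(","))


def policy_dn(root_suffix: str = ROOT_SUFFIX) -> str:
    """DN of the password-policy subentry, built from the root suffix."""
    return f"cn={POLICY_CN},{root_suffix}"


def policy_ldif(root_suffix: str = ROOT_SUFFIX) -> str:
    """LDIF for the pwdPolicy subentry that forces a change after an admin reset."""
    return "\n".join([
        f"dn: {policy_dn(root_suffix)}",
        "objectClass: top",
        "objectClass: pwdPolicy",
        "objectClass: LDAPsubentry",
        f"cn: {POLICY_CN}",
        "pwdMustChange: TRUE",
        "pwdAttribute: userPassword",
        "",
    ])


def assignment_ldif(uids: Iterable[str], root_suffix: str = ROOT_SUFFIX,
                    people_rdn: str = "ou=people") -> str:
    """One modify record per user, each adding pwdPolicySubentry.
    Records are separated by a blank line, which is what ldapmodify expects;
    with -c a failing record does not stop the remaining ones."""
    records = []
    for uid in uids:
        records.append("\n".join([
            f"dn: uid={uid},{people_rdn},{root_suffix}",
            "changetype: modify",
            "add: pwdPolicySubentry",
            f"pwdPolicySubentry: {policy_dn(root_suffix)}",
        ]))
    return "\n\n".join(records) + "\n"


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Minimal LDIF parser: blank-line-separated records of 'attr: value' lines.
    Attribute names are lower-cased. No base64 (::) or continuation-line support,
    which is enough for the two files generated here."""
    records: List[Dict[str, List[str]]] = []
    current: Dict[str, List[str]] = {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                records.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    if current:
        records.append(current)
    return records


def check_assignments(policy_text: str, assignment_text: str) -> List[str]:
    """Return one problem string per pwdPolicySubentry value that does not name a
    policy entry present in policy_text. An empty list means the files agree."""
    created = {norm_dn(e["dn"][0]) for e in parse_ldif(policy_text) if "dn" in e}
    problems = []
    for rec in parse_ldif(assignment_text):
        subject = rec.get("dn", ["<no dn>"])[0]
        for ref in rec.get("pwdpolicysubentry", []):
            if norm_dn(ref) not in created:
                problems.append(f"{subject} -> {ref} (no such policy entry)")
    return problems


if __name__ == "__main__":
    users = ["example_user", "jdoe"]          # constructed sample uids
    pol, assign = policy_ldif(), assignment_ldif(users)
    for path, text in (("passwdPolicy.ldif", pol), ("AddPwdPolicy.ldif", assign)):
        with open(path, "w") as fh:
            fh.write(text)
    for problem in check_assignments(pol, assign):
        print("MISMATCH:", problem)
```

Run the script, then apply the two generated files with the ldapmodify commands from steps 2 and 4. Because check_assignments compares DNs after normalisation, it flags a wrong suffix or a typo in the policy cn but tolerates harmless case and whitespace differences, which is how Directory Server itself matches DNs.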