For details on configuration of the Directory Server 11g Release 1 (11.1.1) password policy, see Chapter 7, Directory Server Password Policy, in Oracle Fusion Middleware Administration Guide for Oracle Directory Server Enterprise Edition. The attributes that define the password policy are stored in the entry cn=Password Policy,cn=config. Note that in Directory Server 5.2, password policy attributes were located directly under cn=config.
The attributes of the pwdPolicy object class replace the old password policy attributes. For a description of these attributes see the pwdPolicy(5dsoc) man page.
By default, this password policy is backward compatible with the old password policy. However, because backward compatibility is not guaranteed indefinitely, you should migrate to the new password policy as soon as is convenient for your deployment. For information about password policy compatibility, see Password Policy Compatibility in Oracle Fusion Middleware Administration Guide for Oracle Directory Server Enterprise Edition.
While Directory Server 11g Release 1 (11.1.1) automatically manages coexistence between new and old password policies and entry operational attributes during migration and subsequent operations, you need to migrate any applications that refer to the old password policy attributes. The following table provides a mapping of the legacy password policy configuration attributes to the new attributes.
Table 6–3 Mapping Between 5.2 and 11g Release 1 (11.1.1) Password Policy Attributes
Legacy Directory Server Attribute |
Directory Server 11g Release 1 (11.1.1) Attribute |
---|---|
passwordMinAge |
pwdMinAge |
passwordMaxAge |
pwdMaxAge |
passwordExp |
pwdMaxAge |
passwordInHistory |
pwdInHistory |
passwordSyntax |
pwdCheckQuality |
passwordMinLength |
pwdMinLength |
passwordWarning |
pwdExpireWarning |
- |
pwdGraceLoginLimit |
passwordMustChange |
pwdMustChange |
passwordChange |
pwdAllowUserChange |
- |
pwdSafeModify |
passwordStorageScheme |
passwordStorageScheme |
passwordExpireWithoutWarning |
- |
passwordLockout |
pwdLockout |
passwordLockoutDuration |
pwdLockoutDuration |
passwordUnlock |
pwdLockoutDuration |
passwordMaxFailure |
pwdMaxFailure |
passwordResetFailureCount |
pwdFailureCountInterval |