After you install Sun Directory Server Enterprise Edition 6.3, Directory Server uses Legacy mode for its password policy syntax, which works for both Directory Server 5.x and Directory Server 6.x. However, Directory Server 6.3 maintains two sets of password attributes for both password policies and the user's computed password attributes. This may trigger other potential issues. Unless you are planning to use Directory Server 5.x password policies, a good practice is to migrate a new Directory Server 6.3 instance to the Directory Server 6-Only mode. Doing so removes redundancies and avoids any potential problems.
Here is an example of how you can verify which mode the Directory Server is running in, and how you can enable Directory Server 6–Only mode.
| # DirectoryServer-base/ds6/bin/dsconf get-server-prop -p 1389 -D "cn=directory manager" -w mypass -c -e pwd-compat-mode pwd-compat-mode : DS5-compatible-mode # DirectoryServer-base/ds6/bin>dsconf pwd-compat -p 1389 -D "cn=directory manager" -w mypass -c -e to-DS6-migration-mode ## Beginning password policy compatibility changes. ## Password policy compatibility changes finished. Task completed (slapd exit code: 0). # DirectoryServer-base/ds6/bin/dsconf pwd-compat -p 1389 -D "cn=directory manager" -w mypass -c -e to-DS6-mode ## Beginning password policy compatibility changes. ## Password policy compatibility changes finished. Task completed (slapd exit code: 0). # DirectoryServer-base/ds6/bin/dsconf get-server-prop -p 1389 -D "cn=directory manager" -w mypass -c -e pwd-compat-mode pwd-compat-mode : DS6-mod |