Skip Navigation Links | |
Exit Print View | |
Oracle Directory Server Enterprise Edition Administration Guide 11g Release 1 (11.1.1.5.0) |
Part I Directory Server Administration
2. Directory Server Instances and Suffixes
3. Directory Server Configuration
6. Directory Server Access Control
7. Directory Server Password Policy
Password Policies and Worksheet
Policy for Password Expiration
Policy for Tracking Last Authentication Time
Worksheet for Defining Password Policy
Managing the Default Password Policy
Correlation Between Password Policy Attributes and dsconf Server Properties
To View Default Password Policy Settings
To Change Default Password Policy Settings
Preventing Binds With No Password
Managing Specialized Password Policies
To Assign a Password Policy to an Individual Account
To Assign a Password Policy Using Roles and CoS
To Set Up a First Login Password Policy
To Reset a Password With the Password Modify Extended Operation
To Allow Grace Authentications When Passwords Expire
To Set the Look-Through Limit for an Account
To Set the Size Limit for an Account
To Set the Time Limit for an Account
To Set the Idle Timeout for an Account
Setting the Compatibility Mode
Guidelines for Choosing a Compatibility Mode
New Directory Server 11g Release 1 (11.1.1.5.0) Deployment
Migrating a Deployment to Directory Server 11g Release 1 (11.1.1.5.0)
Administrative Password Reset Classification
8. Directory Server Backup and Restore
9. Directory Server Groups, Roles, and CoS
10. Directory Server Replication
13. Directory Server Attribute Value Uniqueness
15. Directory Server Monitoring
Part II Directory Proxy Server Administration
16. Directory Proxy Server Tools
17. Directory Proxy Server Instances
19. Directory Proxy Server Certificates
20. Directory Proxy Server Load Balancing and Client Affinity
21. Directory Proxy Server Distribution
22. Directory Proxy Server Virtualization
23. Virtual Data Transformations
24. Connections Between Directory Proxy Server and Back-End LDAP Servers
25. Connections Between Clients and Directory Proxy Server
26. Directory Proxy Server Client Authentication
27. Directory Proxy Server Logging
28. Directory Proxy Server Monitoring and Alerts
Part III Directory Service Control Center Administration
When the password policy for a user has pwdSafeModify set to TRUE, the old password must be provided with the new password to change the password. The command dsconf set-server-prop pwd-safe-modify-enabled:on has the same effect for the default password policy.
You can use the ldappasswd(1) command to change the password. This command provides support for safe password modification. This command implements RFC 3062, LDAP Password Modify Extended Operation
The following command lets Barbara Jensen change her own user password, connecting over simple authentication:
$ ./ldappasswd -h host -D uid=bjensen,ou=people,dc=example,dc=com \ -j old.pwd -T new.pwd -t old.pwd uid=bjensen,ou=people,dc=example,dc=com ldappasswd: password successfully changed
You can also use the LDAP password modify extended operation. Setting up support for the extended operation is explained in To Reset a Password With the Password Modify Extended Operation.