For more information on password policies, see the "Managing Users and Passwords" chapter in the
Parameter | Description |
Entry DN | cn=config |
|
|
Valid Values | on or off |
|
|
Default Value | off |
|
|
Syntax | DirectoryString |
|
|
Example | passwordExp: on |
|
|
2.3.1.107 passwordGraceLimit (Password expiration)
This attribute is only applicable if password expiration is enabled. After the user's password has expired, the server allows the user to connect for the purpose of changing the password. This is called a grace login. The server allows only a certain number of attempts before completely locking out the user. This attribute is the number of grace logins allowed. A value of 0 means the server does not allow grace logins.
Parameter | Description |
Entry DN | cn=config |
|
|
Valid Values | 0 (off) to any reasonable integer |
|
|
Default Value | 0 |
|
|
Syntax | Integer |
|
|
Example | passwordGraceLimit: 3 |
|
|
2.3.1.108 passwordHistory (Password history)
Enables password history. Password history refers to whether users are allowed to reuse passwords. By default, password history is disabled, and users can reuse passwords. If this attribute is set to on, the directory stores a given number of old passwords and prevents users from reusing any of the stored passwords. Set the number of old passwords the Directory Server stores using the passwordInHistory attribute.
For more information on password policies, see the "Managing Users and Passwords" chapter in the
Parameter | Description |
Entry DN | cn=config |
|
|
Valid Values | on or off |
|
|
Default Value | off |
|
|
Syntax | DirectoryString |
|
|
Example | passwordHistory: on |
|
|
2.3.1.109 passwordInHistory (Number of passwords to remember)
Indicates the number of passwords the Directory Server stores in history. Passwords that are stored in history cannot be reused by users. By default, the password history feature is disabled, meaning that the Directory Server does not store any old passwords, and so users can reuse passwords. Enable password history using the passwordHistory attribute.
64 Core server configuration reference