To prevent users from rapidly cycling through the number of passwords that are tracked, use the passwordMinAge attribute.
For more information on password policies, see the "Managing Users and Passwords" chapter in the
Parameter | Description |
Entry DN | cn=config |
|
|
Valid Range | 2 to 24 passwords |
|
|
Default Value | 6 |
|
|
Syntax | Integer |
|
|
Example | passwordInHistory: 7 |
|
|
2.3.1.110 passwordIsGlobalPolicy (Password policy and replication)
This attribute controls whether password policy attributes are replicated.
Parameter | Description |
Entry DN | cn=config |
|
|
Valid Values | on or off |
|
|
Default Value | off |
|
|
Syntax | DirectoryString |
|
|
Example | passwordIsGlobalPolicy: off |
|
|
2.3.1.111 passwordLockout (Account lockout)
Indicates whether users are locked out of the directory after a given number of failed bind attempts. By default, users are not locked out of the directory after a series of failed bind attempts. If account lockout is enabled, set the number of failed bind attempts after which the user is locked out using the passwordMaxFailure attribute.
For more information on password policies, see the "Managing Users and Passwords" chapter in the
Parameter | Description |
Entry DN | cn=config |
|
|
Valid Values | on or off |
|
|
Default Value | on |
|
|
Syntax | DirectoryString |
|
|
Example | passwordLockout: off |
|
|
2.3.1.112 passwordLockoutDuration (Lockout duration)
Indicates the amount of time in seconds during which users are locked out of the directory after an account lockout. The account lockout feature protects against hackers who try to break into the directory by repeatedly trying to guess a user's password. Enable and disable the account lockout feature using the passwordLockout attribute.
2.3 Core server configuration attributes reference | 65 |