Password Policy in LDAP

Hi,

I have a password policy in LDAP for a particular Role (Filtered). When I create a user in the LDAP through the console or through my application which matches the filter condition, the password policy is not getting implemented, i.e. the passwordExpirationTime and passwordChangedTime are not set. The password syntax is also not checked.

But once I change the password, the policy gets enabled and throws an appropriate error if the password is in history or has invalid syntax, etc.

I would like to know whether the password policy will be enabled only for the users who have their password changed or is there any attribute in the password policy to enable it for the users created under it.

Can anyone help me with this?

Thanks in Advance,

Navanidhi

[810 byte] By [Navanidhi] at [2007-11-26 8:53:55]
# 1
I found the same issue here recently. It looks like the policy is only applied when the user account is triggered. I am using 5.2 SP4 now. I can't recall how it looked when I was using the old version or patch version.
sun_iplanet at 2007-7-6 22:49:05
# 2

I am guessing both of you have your default password/lockout policy disabled.

If you have Role/CoS based policies, they are only enforced after the new user entry makes it to the DB, since nsRole/passwordpolicysubentry are virtual attributes that are created on the fly when an entry is accessed or is part of a result set. These policies are enforced while updating an entry because the entry is now part of the scope of the Role/CoS.

On the other hand, the default policy (under cn=config) somehow acts as a pre-op plugin check, so it's always good to have the default policy enabled at least at a restrictive level, if not at the most restrictive level. If nothing else, it will act as a catch-all.

HTH

LostLad at 2007-7-6 22:49:05
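The gap described in the reply above (users created directly into a filtered role's scope carrying no passwordChangedTime / passwordExpirationTime until their first password change) is something a defender can audit for from a directory export. The script below is an added example, not code from any post in this thread or from the directory server product: it reads an LDIF export, evaluates a role filter against each entry using a small subset of LDAP filter syntax, and reports entries that have a userPassword but none of the policy state attributes. The role filter (departmentNumber=1234) and the sample LDIF are constructed assumptions; the attribute names come from the thread.

```python
"""Audit an LDIF export for users inside a filtered role's scope whose
password-policy state attributes were never populated.

Role/CoS-based policies attach passwordpolicysubentry virtually, so a user
created directly into the role's scope may carry no passwordChangedTime or
passwordExpirationTime until the password is changed once. This script finds
such entries so they can be fixed (e.g. by forcing a password change) and
so the default policy under cn=config can be confirmed as a catch-all.

Assumptions (not from the thread): the role filter is (departmentNumber=1234)
and SAMPLE_LDIF is a constructed export, not real directory data.
"""
import base64
import re

# Attributes the policy engine stamps on an entry once it has enforced the
# policy at least once (names taken from the thread); compared lower-cased.
POLICY_STATE_ATTRS = ("passwordchangedtime", "passwordexpirationtime")

# Constructed sample export: alice and bob match the role filter, carol does not.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: alice
departmentNumber: 1234
userPassword: {SSHA}placeholder
passwordChangedTime: 20071126085355Z
passwordExpirationTime: 20080224085355Z

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: bob
departmentNumber: 1234
userPassword: {SSHA}placeholder

dn: uid=carol,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: carol
departmentNumber: 9999
userPassword: {SSHA}placeholder
"""


def parse_ldif(text):
    """Minimal LDIF reader: unfolds continuation lines, decodes '::' base64
    values, lower-cases attribute names. Returns a list of dicts (attr -> [values])."""
    entries, current = [], {}
    text = re.sub(r"\n ", "", text)  # join folded lines
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):  # base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        current.setdefault(name.strip().lower(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def _split_subfilters(s):
    """Split '(a=1)(b=2)' into top-level parenthesised components."""
    parts, depth, start = [], 0, 0
    for i, ch in enumerate(s):
        if ch == "(":
            if depth == 0:
                start = i
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                parts.append(s[start:i + 1])
    return parts


def matches(entry, flt):
    """Evaluate a subset of LDAP filter syntax: (attr=value), (attr=*), &, |, !.
    Enough to mirror the typical nsRoleFilter of a filtered role."""
    flt = flt.strip()
    if not (flt.startswith("(") and flt.endswith(")")):
        raise ValueError("filter must be parenthesised: %r" % flt)
    body = flt[1:-1]
    if body and body[0] in "&|!":
        results = [matches(entry, sub) for sub in _split_subfilters(body[1:])]
        if body[0] == "&":
            return all(results)
        if body[0] == "|":
            return any(results)
        return not results[0]
    attr, _, value = body.partition("=")
    vals = entry.get(attr.strip().lower(), [])
    if value == "*":
        return bool(vals)
    return any(v.lower() == value.lower() for v in vals)


def audit(ldif_text, role_filter):
    """Return (dn, missing_attrs) for every entry in the role's scope that has a
    userPassword but lacks one or more policy state attributes."""
    findings = []
    for entry in parse_ldif(ldif_text):
        if "userpassword" not in entry or not matches(entry, role_filter):
            continue
        missing = [a for a in POLICY_STATE_ATTRS if a not in entry]
        if missing:
            findings.append((entry["dn"][0], missing))
    return findings


if __name__ == "__main__":
    for dn, missing in audit(SAMPLE_LDIF, "(departmentNumber=1234)"):
        print("%s: policy never applied, missing %s" % (dn, ", ".join(missing)))
```

Run against a real export (ldapsearch output or a db2ldif dump) by replacing SAMPLE_LDIF with the file contents and the filter with the role's actual nsRoleFilter; an entry listed by the audit is one the role policy has not yet touched, which is exactly the state the thread describes.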
# 3

hi,

Thanks for the information. But still, if I apply the global password policy, it gets applied to all the users in the LDAP. I have a scenario of having a password policy only for a particular set of users. Is there any way to have the global policy applied only to a particular set of users, or to avoid the global password policy for a particular set of users?

Thanks in Advance,

Navanidhi

Navanidhi at 2007-7-6 22:49:05