Configuring the Password Policy
215
1. Add the required attributes to the subtree or user entries by running the
ns-newpwpolicy.pl
script.
The command syntax for the script is as follows:
ns-newpwpolicy.pl [-D rootDN] { -w password | -w - | -j filename }[-p port] [-h host]
-U userDN -S suffixDN
For updating a subtree entry, use the
-S
option. For updating a user entry, use the
-U
option. The
ns-newpwpolicy.pl
script accepts only one user or subtree entry at a time. It can, however,
accept both user and suffix entries at the same time. For details about the script, see the
Directory
Server Configuration, Command, and File Reference
.
2. The script adds the required attributes depending on whether the target entry is a subtree or user
entry.
For a subtree (for example,
ou=people, dc=example, dc=com
), the following entries are
added:
• A container entry (
nsPwPolicyContainer
)at the subtree level for holding various password
policy-related entries for the subtree and all its children. For example:
dn: cn=nsPwPolicyContainer,ou=people,dc=example,dc=com
objectClass: top
objectClass: nsContainer
cn: nsPwPolicyContainer
• The actual password policy specification entry (
nsPwPolicyEntry
) for holding all the
password policy attributes that are specific to the subtree. For example:
dn: cn="cn=nsPwPolicyEntry,ou=people,dc=example,dc=com",
cn=nsPwPolicyContainer,ou=people,dc=example,dc=com
objectclass: top
objectclass: extensibleObject
objectclass: ldapsubentry
objectclass: passwordpolicy
• The CoS template entry (
nsPwTemplateEntry
) that has the
pwdpolicysubentry
value
pointing to the above (
nsPwPolicyEntry
) entry. For example:
dn: cn="cn=nsPwTemplateEntry,ou=people,dc=example,dc=com",
cn=nsPwPolicyContainer,ou=people,dc=example,dc=com
objectclass: top
objectclass: extensibleObject
objectclass: costemplate
objectclass: ldapsubentry
cosPriority: 1
pwdpolicysubentry: cn="cn=nsPwPolicyEntry,ou=people,dc=example,dc=com",
cn=nsPwPolicyContainer,ou=people,dc=example,dc=com
• The CoS specification entry at the subtree level. For example:
dn: cn=nsPwPolicy_cos,ou=people,dc=example,dc=com
objectclass: top
objectclass: LDAPsubentry
Содержание DIRECTORY SERVER 8.0
Страница 18: ...xviii ...
Страница 29: ...Configuring the Directory Manager 11 6 Enter the new password and confirm it 7 Click Save ...
Страница 30: ...12 ...
Страница 112: ...94 ...
Страница 128: ...110 ...
Страница 190: ...Chapter 6 Managing Access Control 172 4 Click New to open the Access Control Editor ...
Страница 224: ...206 ...
Страница 324: ...306 ...
Страница 334: ...316 ...
Страница 358: ...340 ...
Страница 410: ...392 ...
Страница 420: ...402 ...
Страница 444: ...426 ...
Страница 454: ...436 ...
Страница 464: ...446 ...
Страница 484: ...466 ...
Страница 512: ...494 ...
Страница 522: ...504 ...