Overview#

EDirectory password policy object describes the password policy and which entries the policy is assigned.

Well technically, the "nsimAssignments" may hold the entries that the policy is assigned; however, the real test is if the entry has a value for the "nspmPasswordPolicyDN" attribute.

nspmPasswordPolicyDN=cn=generalusers,cn=Password Policies,cn=Security

The nspmPasswordPolicyDN is defined with the OID of 2.16.840.1.113719.1.39.43.4.6.

Determination of the password policy assignment follows this algorithm described in Determination Of Which Universal Password Policy Is Assigned

A typical NspmPasswordPolicy might be like:

Password Self-Service#

Novell's password self-service is implemented by defining a Novell password policy and associating the policy to a challenge set. So in our example, we have created a password policy, cn=generalusers,cn=Password%20Policies,cn=Security. This policy entry, and instance of "nspmPasswordPolicy", is linked to the nsimChallengeSet by an attribute "nsimForgottenAction" with the value:
<ForgottenPassword>
    <Enabled>true</Enabled>
    <Sequence>
        <Authentication><![CDATA[generalChalangeSet.Password Policies.Security]]></Authentication>
        <Action>ShowHint</Action>
    </Sequence>
</ForgottenPassword>
As the nsimChallengeSet is a single-valued attribute, there can be only one nsimChallengeSet for each nspmPasswordPolicy.

Also, there can only be one password policy assigned to each user.

ObjectClass Definition#

The ObjectClass Type is defined as:

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-19) was last changed on 08-May-2017 14:53 by jim