jspωiki
Password Policy State Attribute

Overview#

Since the password policy could apply to several attributes used to store passwords, each of the above operational attributes must have an option to specify which pwdAttribute it applies to.

The password policy option is defined as the following:

pwd-<passwordAttribute>
} where passwordAttribute a string following the OID syntax 1.3.6.1.4.1.1466.115.121.1.38. The attribute type descriptor (short name) MUST be used.

For example, if the pwdPolicy object has for pwdAttribute "userPassword" then the pwdChangedTime operational attribute, in a user entry, will be:

pwdChangedTime;pwd-userPassword: 20000103121520Z

This attribute option follows sub-typing semantics. If a client requests a password policy state attribute to be returned in a search operation, and does not specify an option, all subtypes of that policy state attribute are returned.

More Information#

There might be more information for this subject on one of the following: