Overview#

Since the password policy could apply to several attributes used to store passwords, each of the above operational attributes must have an option to specify which pwdAttribute it applies to.

The password policy option is defined as the following:

pwd-<passwordAttribute>
} where passwordAttribute a string following the OID syntax 1.3.6.1.4.1.1466.115.121.1.38. The attribute type descriptor (short name) MUST be used.

For example, if the pwdPolicy object has for pwdAttribute "userPassword" then the pwdChangedTime operational attribute, in a user entry, will be:

pwdChangedTime;pwd-userPassword: 20000103121520Z

This attribute option follows sub-typing semantics. If a client requests a password policy state attribute to be returned in a search operation, and does not specify an option, all subtypes of that policy state attribute are returned.

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-1) was last changed on 01-Feb-2014 08:36 by jim