Overview#

A Universal Password Policy is NOT in effect until you assign it to one or more Entries.

You can assign a password policy to the following Entries. Only one Universal Password Policy is effective for a user at a time. NMAS determines which policy is effective for a user by at attribute nspmPasswordPolicyDN which determines specific nspmPasswordPolicy for the entry according in the following order and applying the first one found: (IN THIS ORDER)

  • Specific user assignment: If a password policy has been assigned specifically to the user, that policy is applied.
  • Container: If the user has no specific assignment, NMAS applies the policy that is assigned to the container that holds the user.
    • If you assign a policy to a container that is not the root of a partition, the policy assignment is inherited only by users in that specific container. If you want the policy to apply to all users below a container that is not a partition root, you must assign the policy to each subcontainer individually.
  • Partition Root Entry: If no policy is assigned to the user or to the container directly above the user, the policy assigned to the partition root container is applied IF present.
    • If you assign a policy to a container that is the root of a partition, the policy assignment is inherited by all users in that partition, including users in subcontainers.
  • Login Policy object
    • We recommend that you create a default password policy for all users in the tree. You do this by creating a policy and assigning it to the Login Policy object. The Login Policy object is located in the Security container just below the root of the tree.

The first nspmPasswordPolicyDN value encountered is the Universal Password Policy Assignment for the entry.

If are no nspmPasswordPolicyDN value encountered then there is no Universal Password Policy Assignment for the entry.

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-15) was last changed on 19-May-2016 12:41 by jim