By default the UP is configured to write the password but not read.

Frmm the Novell Secure Password Manager Schema that implements NSPM

There are bits in the nspmConfigurationOptions attribute options (reading form LDAP - non zero = true) :

  • 0000000001 * -- 0x01 = On set password request the NDS password hash will be removed by SPM
  • 0000000010 * -- 0x02 = On set password request the NDS password hash will not be set by SPM
  • 0000000100 * -- 0x04 = On set password request the Simple password will not be set by SPM
  • 0000001000 Reserved
  • 0000010000 * -- 0x10 = Allow password retrieval by self (User) 10000
  • 0000100000 * -- 0x20 = Allow password retrieval by admin (Admin Is this Admin or any object with Admin Rights ??) 100000
  • 0001000000 * -- 0x40 = Allow password retrieval by password agents (a trusted app such as dirXML to read the password)
  • 0010000000 Reserved
  • 0100000000 * -- 0x100 = Password enabled - 100000000
  • 1000000000 * -- 0x200 = Advanced password policy enabled - 1000000000

The default behavior is that when the UP password is set then the NDS Password and the Simple Password are set to the same value (one exception is that the NDS password will uppercase "a" through "z".

Again, the configuration option can be used to change this behavior. For example, there are options to not sync the NDS and/or the Simple Password.

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-9) was last changed on 30-Aug-2014 10:47 by jim