Overview#By default the UP is configured to write the password but not read.
There are bits in the nspmConfigurationOptions attribute options (reading form LDAP - non zero = true) :
- 0000000001 * -- 0x01 = On set password request the NDS password hash will be removed by SPM
- 0000000010 * -- 0x02 = On set password request the NDS password hash will not be set by SPM
- 0000000100 * -- 0x04 = On set password request the Simple password will not be set by SPM
- 0000001000 Reserved
- 0000010000 * -- 0x10 = Allow password retrieval by self (User) 10000
- 0000100000 * -- 0x20 = Allow password retrieval by admin (Admin Is this Admin or any object with Admin Rights ??) 100000
- 0001000000 * -- 0x40 = Allow password retrieval by password agents (a trusted app such as dirXML to read the password)
- 0010000000 Reserved
- 0100000000 * -- 0x100 = Password enabled - 100000000
- 1000000000 * -- 0x200 = Advanced password policy enabled - 1000000000
The default behavior is that when the UP password is set then the NDS Password and the Simple Password are set to the same value (one exception is that the NDS password will uppercase "a" through "z".
Again, the configuration option can be used to change this behavior. For example, there are options to not sync the NDS and/or the Simple Password.