This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links

Version management

Difference between version and

At line 1 added 37 lines
!!! Overview
The set password-max-suspension [DXServer Command] sets the time after which a suspended password reactivates.
This setting only applies to accounts that were suspended because the user tried to log in too many times with the wrong credentials, as set with the set password-retries command.
[CA Directory] uses the [Operational Attribute] [{$pagename}] to record the time since the account was suspended due to failed login attempts.
This command has the following format:
{{{
set password-max-suspension = number-seconds | 0 ;
}}}
* number-seconds - Specifies the time (in [seconds]) for which a suspended password remains suspended. After the time has passed, the account in active.
* 0 - (Default) Disables this feature.
[{$pagename}] with [DxPwdFailedAttempts] work to implement [Intruder Detection] within [CA Directory].
[{$pagename}] is one of the [CAD Password Commands and Operational Attributes|DXServer Password Commands and Operational Attributes]
!! Our Notes
Appears to be an attempt to follow the [Draft-behera-ldap-password-policy] attribute for [pwdFailureTime]; however, the attribute is [SINGLE-VALUE] and appears to be cleared on first successful bind.
!! Attribute Definition
The [{$pagename}] [AttributeTypes] is defined as:
* [OID] of [1.3.6.1.4.1.3327.6.12]
* NAME: [{$pagename}]
* DESC:
* [EQUALITY]: []
* [ORDERING]: []
* SYNTAX: [Generalized Time]
* [SINGLE-VALUE]
* [NO-USER-MODIFICATION]
* USAGE [UserApplications]
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]