This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
EDirectory Password Expiration
EDirectory Password Expiration

Version management

Difference between version and

At line 1 added 32 lines
!!! Overview
[{$pagename}] within [eDirectory].
Most entries are and [SHOULD] be controlled a [Universal Password Policy|NspmPasswordPolicy].
[EDirectory] [Password Expiration] is determined by the value of the [passwordExpirationInterval] on the [Universal Password Policy|NspmPasswordPolicy] which applies to the entry.
The conditions that control the "[Password Expired]" mechanism are defined within the [Universal Password Policy|NspmPasswordPolicy]. The important values within the [nspmPasswordPolicy] [Password Policy] are shown below: (showing typical values)
* Number of days before password expires (0-365): 30 Days
* Limit the number of grace logins allowed (0-254): 02 Attempt(s)
In addition to the [Universal Password Policy|NspmPasswordPolicy] the [passwordRequired] attribute must be set to: __TRUE__
A [password] is considered [Password Expired] when the [PasswordExpirationTime] has passed and the [LoginGraceRemaining]=0.
However, __ONLY__ once an entry has been assigned to a [Universal Password Policy|NspmPasswordPolicy] and then changes the password thereafter will the [EDirectory] server will set (or update) attribute values on the entry:
* [passwordExpirationTime] - forward the number of days specified in Password Policy value for the Days Between Forced Changes field ([passwordExpirationInterval]).
* [passwordExpirationInterval] - to the value of the Password Policy's [passwordExpirationInterval] (This is done for non-[Universal Password] client's backward compatibility)
!! How [{$pagename}] is performed
Then when the user performs a [bind Request] the server reads the entry's value for [passwordExpirationTime] and decides whether the [Password Expired].
There is __NOT__ a "live" calculation on the entry's [pwdChangedTime] / [passwordExpirationInterval]. The live operation only looks at the [LDAP Entry] [passwordExpirationTime].
When using [Universal Password Policies|NspmPasswordPolicy] then the policy will be enforced such that you cannot extend the [passwordExpirationTime] beyond what the policy says is valid. You can, however, set the [passwordExpirationTime] to be earlier than the [Universal Password Policy|NspmPasswordPolicy] and the password will expire at the earlier time.
!! Category
%%category [eDirectory]%%
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop