NspmConfigurationOptions has an OID of 2.16.840.1.113719. is a bitmask and part of the Edirectory Password Policy

eDirectory LDAP Attribute Definition#

The NspmConfigurationOptions AttributeTypes is defined as:

NspmConfigurationOptions Values#

Different eDirectory Versions and nspmConfigurationOptions MAY change this behavior. For example, there are options to NOT sync the NDS Password and/or the Simple Password.

We have found some bitmask values for NspmConfigurationOptions attribute options (reading from LDAP - non zero = true):

00000000010x00000001On set password request the NDS Password hash will be removed by Secure Password Manager
00000000100x00000002On set password request the NDS Password hash will not be set by Secure Password Manager
00000001000x00000004On set password request the Simple Password will not be set by Secure Password Manager
00000010000x00000008(SPM_ALLOW_SPWD_SET) specifies that the Simple Password can be set even when Universal Password is enabled. For this option to work it is necessary that the option to synchronize the Simple Password with the Universal Password is enabled in the Edirectory Password Policy.
00000100000x00000010Allow password retrieval by self (User)
00001000000x00000020Allow password retrieval by admin (Admin Is this Admin or any object with Supervisor Rights over the LDAP Entry)
00010000000x00000040Allow password retrieval by a trusted app such as DirXML to read the password. Appears this causes Universal Password to sync to the nspmDistributionPassword (thanks Dr. Axel SchnellbÃGel)
0010000000 Reserved
01000000000x00000100Password enabled
10000000000x00000200Advanced password policy enabled



More Information#

There might be more information for this subject on one of the following: