EDirectory password policy object describes the password policy and which entries the policy is assigned.

Well technically, the "nsimAssignments" may hold the entries that the policy is assigned; however, the real test is if the entry has a value for the "nspmPasswordPolicyDN" attribute.

nspmPasswordPolicyDN=cn=generalusers,cn=Password Policies,cn=Security

The nspmPasswordPolicyDN is defined with the OID of 2.16.840.1.113719.

Determination of the password policy assignment follows this algorithm described in Determination Of Which Universal Password Policy Is Assigned

A typical NspmPasswordPolicy might be like:

Password Self-Service#

Novell's password self-service is implemented by defining a Novell password policy and associating the policy to a challenge set. So in our example, we have created a password policy, cn=generalusers,cn=Password%20Policies,cn=Security. This policy entry, and instance of "nspmPasswordPolicy", is linked to the nsimChallengeSet by an attribute "nsimForgottenAction" with the value:
        <Authentication><![CDATA[generalChalangeSet.Password Policies.Security]]></Authentication>
As the nsimChallengeSet is a single-valued attribute, there can be only one nsimChallengeSet for each nspmPasswordPolicy.

Also, there can only be one password policy assigned to each user.

ObjectClass Definition#

The ObjectClass Type is defined as:



More Information#

There might be more information for this subject on one of the following: