!!! Overview
The [EDirectory] password policy object describes the password policy and the entries to which the policy is assigned. Technically, the "[nsimAssignments]" attribute __may__ hold the entries that the policy is assigned to; however, the real test is whether the entry has a value for the "[nspmPasswordPolicyDN]" attribute.
{{{
nspmPasswordPolicyDN=cn=generalusers,cn=Password Policies,cn=Security
}}}

The [nspmPasswordPolicyDN] is defined with the [OID] of [2.16.840.1.113719.1.39.43.4.6].

Determination of the password policy assignment follows the algorithm described in [Determination Of Which Universal Password Policy Is Assigned|Universal Password Policy Assignment].

A typical [{$pagename}] might be like:
* [nsimPwdRuleEnforcement]=FALSE
* [nsimChallengeSetGUID]=1224508481110 - This is a timestamp
* [nsimChallengeSetDN]=[cn=generalChalangeSet,cn=Password Policies,cn=Security|NsimChallengeSet]
* [nsimAssignments]=ou=people,dc=willeke,dc=com
* [nsimAssignments]=ou=Addresses,ou=people,dc=willeke,dc=com
* [nsimForgottenAction]={{{<ForgottenPassword><Enabled>true</Enabled><Sequence><Authentication><![CDATA[generalChalangeSet.Password Policies.Security]]></Authentication><Action>ShowHint</Action></Sequence></ForgottenPassword>}}}
* [nsimForgottenLoginConfig]=TRUE
* [nspmCaseSensitive]=TRUE
* [nspmSpecialAsLastCharacter]=FALSE
* [nspmSpecialAsFirstCharacter]=FALSE
* [nspmSpecialCharactersAllowed]=TRUE
* [nspmNumericAsLastCharacter]=TRUE
* [nspmNumericAsFirstCharacter]=TRUE
* [nspmNumericCharactersAllowed]=TRUE
* [nspmMaximumLength]=50
* [nspmConfigurationOptions]=884
* [passwordUniqueRequired]=FALSE
* [Password Minimum Length]=4
* [passwordAllowChange]=TRUE
* [objectClass]=[nspmPasswordPolicy]
* objectClass=Top
* description=All normal user will need to abide by these password policies
* cn=generalusers
* [passwordExpirationInterval]

!! Password Self-Service
Novell's password self-service is implemented by defining a Novell password policy and associating the policy with a challenge set.

So in our example, we have created a password policy, cn=generalusers,cn=Password Policies,cn=Security. This policy entry, an instance of "nspmPasswordPolicy", is linked to the [nsimChallengeSet] by an attribute "nsimForgottenAction" with the value:
{{{
<ForgottenPassword>
  <Enabled>true</Enabled>
  <Sequence>
    <Authentication><![CDATA[generalChalangeSet.Password Policies.Security]]></Authentication>
    <Action>ShowHint</Action>
  </Sequence>
</ForgottenPassword>
}}}

As the [nsimChallengeSet] is a single-valued attribute, there can be only one [nsimChallengeSet] for each nspmPasswordPolicy. Also, there can be only one password policy assigned to each user.

!! [ObjectClass] Definition
The [ObjectClass Type] is defined as:
* [OID]: [2.16.840.1.113719.1.39.43.4.6]
* [ObjectClass-Name]: [{$pagename}]
* SUP: [top]
* [STRUCTURAL]
* [MUST]:
** [cn]
* [MAY]:
** [description]
** [nspmPolicyPrecedence]
** [nspmConfigurationOptions]
** [nspmChangePasswordMessage]
** [passwordExpirationInterval]
** [loginGraceLimit]
** [nspmMinPasswordLifetime]
** [passwordUniqueRequired]
** [nspmPasswordHistoryLimit]
** [nspmPasswordHistoryExpiration]
** [passwordAllowChange]
** [passwordRequired]
** [passwordMinimumLength]
** [nspmMaximumLength]
** [nspmCaseSensitive]
** [nspmMinUpperCaseCharacters]
** [nspmMaxUpperCaseCharacters]
** [nspmMinLowerCaseCharacters]
** [nspmMaxLowerCaseCharacters]
** [nspmNumericCharactersAllowed]
** [nspmNumericAsFirstCharacter]
** [nspmNumericAsLastCharacter]
** [nspmMinNumericCharacters]
** [nspmMaxNumericCharacters]
** [nspmSpecialCharactersAllowed]
** [nspmSpecialAsFirstCharacter]
** [nspmSpecialAsLastCharacter]
** [nspmMinSpecialCharacters]
** [nspmMaxSpecialCharacters]
** [nspmMaxRepeatedCharacters]
** [nspmMaxConsecutiveCharacters]
** [nspmMinUniqueCharacters]
** [nspmDisallowedAttributeValues]
** [nspmExcludeList]
** [nspmExtendedCharactersAllowed]
** [nsimChallengeSetDN]
** [nsimForgottenAction]
** [nsimForgottenLoginConfig]
** [nsimAssignments]
** [nsimChallengeSetGUID]
** [nsimPwdRuleEnforcement]
** [nspmExtendedAsFirstCharacter]
** [nspmExtendedAsLastCharacter]
** [nspmMinExtendedCharacters]
** [nspmMaxExtendedCharacters]
** [nspmUpperAsFirstCharacter]
** [nspmUpperAsLastCharacter]
** [nspmLowerAsFirstCharacter]
** [nspmLowerAsLastCharacter]
** [nspmComplexityRules]
** [pwdInHistory]
** [nspmAdminsDoNotExpirePassword]
** [nspmPasswordACL]
** [nspmAD2K8Syntax]
** [nspmAD2K8maxViolation]
** [nspmXCharLimit]
** [nspmXCharHistoryLimit]
** [nspmUnicodeAllowed]
** [nspmNonAlphaCharactersAllowed]
** [nspmMinNonAlphaCharacters]
** [nspmMaxNonAlphaCharacters]
* [Extended Flags]:
** [X-NDS_NOT_CONTAINER]: 1

!! Category
%%category [eDirectory]%%

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
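
For the nsimForgottenAction value shown under Password Self-Service, the following added example (not part of the original page or of any Novell tooling) parses the XML and checks that the challenge set it names matches the policy's nsimChallengeSetDN. The function names are hypothetical, and mapping each dotted-name component to a cn= RDN is an assumption that holds for the example entry on this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two attribute values are copied from the policy entry above.
POLICY = {
    "nsimChallengeSetDN": "cn=generalChalangeSet,cn=Password Policies,cn=Security",
    "nsimForgottenAction": (
        "<ForgottenPassword><Enabled>true</Enabled><Sequence>"
        "<Authentication><![CDATA[generalChalangeSet.Password Policies.Security]]>"
        "</Authentication><Action>ShowHint</Action></Sequence></ForgottenPassword>"
    ),
}

def dotted_to_dn(name):
    # Assumption: each dot-separated component is a cn= RDN (true for the page's example).
    return ",".join("cn=" + part.strip() for part in name.strip().split("."))

def normalize_dn(dn):
    # Simplified comparison form: lower-case, trimmed RDNs; escaped commas are not handled.
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))

def parse_forgotten_action(xml_text):
    # ElementTree returns CDATA content as ordinary element text.
    root = ET.fromstring(xml_text)
    if root.tag != "ForgottenPassword":
        raise ValueError("unexpected root element: " + root.tag)
    enabled = (root.findtext("Enabled") or "").strip().lower() == "true"
    sequences = [
        {"challenge_set": (seq.findtext("Authentication") or "").strip(),
         "action": (seq.findtext("Action") or "").strip()}
        for seq in root.findall("Sequence")
    ]
    return {"enabled": enabled, "sequences": sequences}

def audit_policy(policy):
    # Returns a list of findings; an empty list means the two attributes agree.
    try:
        parsed = parse_forgotten_action(policy.get("nsimForgottenAction", ""))
    except (ET.ParseError, ValueError) as exc:
        return ["nsimForgottenAction is missing or malformed: %s" % exc]
    findings = []
    if parsed["enabled"] and not parsed["sequences"]:
        findings.append("forgotten-password is enabled but has no Sequence")
    expected = normalize_dn(policy.get("nsimChallengeSetDN", ""))
    for seq in parsed["sequences"]:
        if normalize_dn(dotted_to_dn(seq["challenge_set"])) != expected:
            findings.append("Sequence uses %r, nsimChallengeSetDN is %r"
                            % (seq["challenge_set"], policy.get("nsimChallengeSetDN")))
    return findings
```

Calling audit_policy(POLICY) on the sample returns an empty list; a policy whose nsimChallengeSetDN points at a different challenge set returns one finding per mismatching Sequence.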