LDAPWiki: NspmPasswordPolicy

Overview#

NspmPasswordPolicy is the Password Policy object when using Universal Password on EDirectory.

Well technically, the "nsimAssignments" may hold the entries that the policy is assigned; however, the real test is if the entry has a value for the "nspmPasswordPolicyDN" attribute.

nspmPasswordPolicyDN=cn=generalusers,cn=Password Policies,cn=Security

The nspmPasswordPolicyDN is defined with the OID of 2.16.840.1.113719.1.39.43.4.6.

Determination of the password policy assignment follows this algorithm described in Determination Of Which Universal Password Policy Is Assigned

A typical NspmPasswordPolicy might be like:

nsimPwdRuleEnforcement=FALSE
nsimChallengeSetGUID=1224508481110 - This is a timestamp
nsimChallengeSetDN=cn=generalChalangeSet,cn=Password Policies,cn=Security
nsimAssignments=ou=people,dc=willeke,dc=com
nsimAssignments=ou=Addresses,ou=people,dc=willeke,dc=com
nsimForgottenAction=<ForgottenPassword\>\<Enabled\>true\</Enabled\>\<Sequence\>\<Authentication\>\<![CDATA[generalChalangeSet.Password Policies.Security]]\>\</Authentication\>\<Action\>ShowHint\</Action\>\</Sequence\>\</ForgottenPassword\>
nsimForgottenLoginConfig=TRUE
nspmCaseSensitive=TRUE
nspmSpecialAsLastCharacter=FALSE
nspmSpecialAsFirstCharacter=FALSE
nspmSpecialCharactersAllowed=TRUE
nspmNumericAsLastCharacter=TRUE
nspmNumericAsFirstCharacter=TRUE
nspmNumericCharactersAllowed=TRUE
nspmMaximumLength=50
nspmConfigurationOptions=884
passwordUniqueRequired=FALSE
Password Minimum Length=4
passwordAllowChange=TRUE
objectClass=nspmPasswordPolicy
objectClass=Top
description=All normal user will need to abide by these password policies
cn=generalusers
passwordExpirationInterval

Password Self-Service#

Novell's password self-service is implemented by defining a Novell password policy and associating the policy to a challenge set. So in our example, we have created a password policy, cn=generalusers,cn=Password%20Policies,cn=Security. This policy entry, and instance of "nspmPasswordPolicy", is linked to the nsimChallengeSet by an attribute "nsimForgottenAction" with the value:

<ForgottenPassword>
    <Enabled>true</Enabled>
    <Sequence>
        <Authentication><![CDATA[generalChalangeSet.Password Policies.Security]]></Authentication>
        <Action>ShowHint</Action>
    </Sequence>
</ForgottenPassword>

As the nsimChallengeSet is a single-valued attribute, there can be only one nsimChallengeSet for each nspmPasswordPolicy.

Also, there can only be one password policy assigned to each user.

ObjectClass Definition#

The ObjectClass Type is defined as:

Category#

eDirectory

More Information#

There might be more information for this subject on one of the following: