HP-UX Directory Server 8.1 administrator guide

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

291

292

293

294

295

296

297

298

299

300

dn: cn="cn=nsPwPolicyEntry,ou=people,dc=example,dc=com",

cn=nsPwPolicyContainer,ou=people,dc=example,dc=com

objectclass: top

objectclass: extensibleObject

objectclass: ldapsubentry

objectclass: passwordpolicy

• The CoS template entry (nsPwTemplateEntry) that has the pwdpolicysubentry

value pointing to the above (nsPwPolicyEntry) entry. For example:

dn: cn="cn=nsPwTemplateEntry,ou=people,dc=example,dc=com",

cn=nsPwPolicyContainer,ou=people,dc=example,dc=com

objectclass: top

objectclass: extensibleObject

objectclass: costemplate

objectclass: ldapsubentry

cosPriority: 1

pwdpolicysubentry: cn="cn=nsPwPolicyEntry,ou=people,dc=example,dc=com",

cn=nsPwPolicyContainer,ou=people,dc=example,dc=com

• The CoS specification entry at the subtree level. For example:

dn: cn=nsPwPolicy_cos,ou=people,dc=example,dc=com

objectclass: top

objectclass: LDAPsubentry

objectclass: cosSuperDefinition

objectclass: cosPointerDefinition

cosTemplateDn: cn="cn=nsPwTemplateEntry,ou=people,dc=example,dc=com",

cn=nsPwPolicyContainer,ou=people,dc=example,dc=com

cosAttribute: pwdpolicysubentry default operational

For a user (for example, uid=jdoe, ou=people, dc=example, dc=com), the following

entries are added:

• A container entry (nsPwPolicyContainer) at the parent level for holding various

password policy related entries for the user and all its children. For example:

dn: cn=nsPwPolicyContainer, ou=people, dc=example, dc=com

objectClass: top

objectClass: nsContainer

cn: nsPwPolicyContainer

• The actual password policy specification entry (nsPwPolicyEntry) for holding the

password policy attributes that are specific to the user. For example:

dn: cn="cn=nsPwPolicyEntry,uid=jdoe,ou=people,dc=example,dc=com",

cn=nsPwPolicyContainer,ou=people,dc=example,dc=com

objectclass: top

objectclass: extensibleObject

objectclass: ldapsubentry

objectclass: passwordpolicy

3. Assign the value of the above entry DN to the pwdpolicysubentry attribute of the target

entry. For example, this assigns the password policy to the user entry:

dn: uid=jdoe,ou=people,dc=example,dc=com

changetype: modify

replace: pwdpolicysubentry

pwdpolicysubentry: "cn=nsPwPolicyEntry,uid=jdoe,ou=people,dc=example,dc=com",

cn=nsPwPolicyContainer,ou=people,dc=example,dc=com

4. Set the password policy attributes of subtree or user entry with the appropriate values.

Table 7-1 “Password policy attributes” describes the attributes available to configure the

password policy. The ldapmodify utility can be used to change these attributes in the

cn=config entry.

7.1 Managing the password policy 299