HP-UX Directory Server 8.1 schema reference

Three encryption types are supported by Directory Server:

• SSHA (Salted Secure Hash Algorithm) is the recommended method as it is the most secure.

• SHA (Secure Hash Algorithm) is supplied only for compatibility with 4.x legacy servers and

should not be used otherwise.

• CRYPT is the UNIX crypt algorithm. It is provided for compatibility with UNIX passwords.

2.16.840.1.113730.3.1.221OID

DirectoryStringSyntax

Single-valuedMulti- or Single-Valued

Directory ServerDefined in

4.1.39 passwordUnlock

This attribute sets whether users will be locked out of the directory for a specified amount of

time or until the administrator resets the password after an account lockout. The account lockout

feature protects against hackers who try to break into the directory by repeatedly trying to guess

a user’s password. If this passwordUnlock attribute is set to off and the operational attribute

accountUnlockTime has a value of 0, then the account will be locked indefinitely.

2.16.840.1.113730.3.1.108OID

DirectoryStringSyntax

Single-valuedMulti- or Single-Valued

Directory ServerDefined in

4.1.40 passwordWarning (pwdExpireWarning)

This attributes sets the length of time in seconds before a user’s password expires that the user

will receive a password expiration warning. The warning control will appear on their next LDAP

operation. Depending on the LDAP client, the user may also be prompted to change their

password at the time the warning is sent.

2.16.840.1.113730.3.1.104OID

IntegerSyntax

Single-valuedMulti- or Single-Valued

Directory ServerDefined in

4.1.41 pwdpolicysubentry

This attribute value points to the entry DN of the new password policy.

2.16.840.1.113730.3.1.997OID

DirectoryStringSyntax

Single-valuedMulti- or Single-Valued

Directory ServerDefined in

102 Operational attributes, special attributes, and special object classes