Red Hat Directory Server 8.0 Administrator's Guide
1. Select the Configuration tab and then the Data node.
2. In the right pane, select the Account Lockout tab.
3. To enable account lockout, select the Accounts may be locked out checkbox.
4. Enter the maximum number of allowed bind failures in the Lockout account after X login failures text box. The server locks out users who exceed the limit specified here.
5. In the Reset failure counter after X minutes text box, enter the number of minutes for the server to wait before resetting the bind failure counter to zero.
6. Set the interval for users to be locked out of the directory.
   • Select the Lockout Forever radio button to lock users out until their passwords have been reset by the administrator.
   • Set a specific lockout period by selecting the Lockout Duration radio button and entering the time (in minutes) in the text box.
7. Click Save.
1.4.2. Configuring the Account Lockout Policy Using the Command-Line
This section describes the attributes used to create an account lockout policy, which protects
the passwords stored in the server. Use ldapmodify to change these attributes in the cn=config
entry.
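The Console settings from the procedure above, expressed as an LDIF change to cn=config, as an added example that is not taken from the guide. The function names are hypothetical, and passwordResetFailureCount, passwordUnlock and passwordLockoutDuration do not appear in the part of the table visible here; they are the server's cn=config attributes for those Console fields, with both times stored in seconds rather than the Console's minutes.

```sh
#!/bin/sh
# Added example (not from the guide): emit the LDIF for an account lockout policy.
# Arguments follow the Console fields, with times in minutes:
#   $1 max bind failures   $2 minutes until the failure counter resets
#   $3 lockout duration in minutes, or the word "forever"
# Assumption: the server stores both times in seconds, so minutes are converted.

# Accept only positive decimal integers without leading zeros.
is_pos_int() {
    case "$1" in
        ''|*[!0-9]*|0*) return 1 ;;
        *) return 0 ;;
    esac
}

lockout_ldif() {
    max_fail=$1; reset_min=$2; duration=$3
    if ! is_pos_int "$max_fail"; then
        echo "failure limit must be a positive integer" >&2; return 1
    fi
    if ! is_pos_int "$reset_min"; then
        echo "reset interval must be a positive number of minutes" >&2; return 1
    fi
    if [ "$duration" = forever ]; then
        unlock=off      # locked until an administrator resets the password
    elif is_pos_int "$duration"; then
        unlock=on       # unlocked automatically after the lockout duration
    else
        echo "duration must be minutes or 'forever'" >&2; return 1
    fi
    printf '%s\n' 'dn: cn=config' 'changetype: modify' \
        'replace: passwordLockout' 'passwordLockout: on' '-' \
        'replace: passwordMaxFailure' "passwordMaxFailure: $max_fail" '-' \
        'replace: passwordResetFailureCount' \
        "passwordResetFailureCount: $((reset_min * 60))" '-' \
        'replace: passwordUnlock' "passwordUnlock: $unlock"
    if [ "$unlock" = on ]; then
        printf '%s\n' '-' 'replace: passwordLockoutDuration' \
            "passwordLockoutDuration: $((duration * 60))"
    fi
}

# Usage (host, port, bind DN and password option are placeholders):
#   lockout_ldif 3 10 60 | ldapmodify -h HOST -p PORT -D "BIND_DN" ...
```

Review the generated LDIF before piping it to ldapmodify, since the change applies to every account governed by the global policy.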
Table 7.3, “Account Lockout Policy Attributes” describes the attributes available to configure the
account lockout policy.
Attribute Name        Definition

passwordLockout       This attribute indicates whether users are locked out of the directory after a given number of failed bind attempts. Set the number of failed bind attempts after which the user will be locked out using the passwordMaxFailure attribute. Users can be locked out for a specific time or until an administrator resets the password. This attribute is set to off by default, meaning that users will not be locked out of the directory.

passwordMaxFailure    This attribute indicates the number of failed bind attempts after which a user will be locked
Chapter 7. Managing User Accounts and Passwords