Server User Manual

cn=config
a grace login. The server allows only a certain number of attempts before completely locking out the
user. This attribute is the number of grace logins allowed. A value of 0 means the server does not
allow grace logins.

Parameter       Description
Entry DN        cn=config
Valid Values    0 (off) to any reasonable integer
Default Value   0
Syntax          Integer
Example         passwordGraceLimit: 3

2.3.1.118. passwordGraceUserTime
This attribute counts the number of attempts the user has made with the expired password.
This is an operational attribute, meaning its value is managed by the server and the attribute is not
returned in default searches.

Parameter       Description
Entry DN        cn=config
Valid Values    none to any reasonable integer
Default Value   none
Syntax          Integer
Example         passwordGraceUserTime: 1

2.3.1.119. passwordHistory (Password History)
Enables password history, which controls whether users are allowed to reuse passwords.
By default, password history is disabled, and users can reuse passwords. If this attribute is set to
on, the directory stores a given number of old passwords and prevents users from reusing any
of the stored passwords. Set the number of old passwords the Directory Server stores using the
passwordInHistory attribute.
For more information on password policies, see the "Managing Users and Passwords" chapter in the
Directory Server Administrator's Guide.

Parameter       Description
Entry DN        cn=config
Valid Values    on | off
Default Value   off
Syntax          DirectoryString
Example         passwordHistory: on

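The following is an added example, not part of the manual or of the Directory Server code: a small audit of a cn=config dump that reports how passwordGraceLimit, passwordHistory and passwordInHistory interact. The sample input is constructed, the function names are hypothetical, and the remaining-grace-login arithmetic is an assumption derived from the attribute descriptions above.

```python
# Added example (not from the manual). SAMPLE_CONFIG is a constructed cn=config excerpt.
SAMPLE_CONFIG = """\
dn: cn=config
passwordGraceLimit: 3
passwordHistory: off
passwordInHistory: 6
"""

# Default values as listed in the parameter tables of this manual.
DEFAULTS = {"passwordgracelimit": "0", "passwordhistory": "off"}


def parse_attrs(ldif_text):
    """Parse single-valued 'attr: value' lines; attribute names are case-insensitive."""
    attrs = {}
    for line in ldif_text.splitlines():
        if not line.strip() or line.startswith("#") or ":" not in line:
            continue
        name, _, value = line.partition(":")
        attrs[name.strip().lower()] = value.strip()
    return attrs


def audit(attrs):
    """Return findings about password reuse and grace logins for a parsed config."""
    cfg = {**DEFAULTS, **attrs}
    findings = []
    if cfg["passwordhistory"].lower() != "on":
        findings.append("passwordHistory is off: users can reuse old passwords")
        if "passwordinhistory" in cfg:
            findings.append("passwordInHistory is set but unused while passwordHistory is off")
    limit = int(cfg["passwordgracelimit"])
    if limit > 0:
        findings.append("passwordGraceLimit=%d: an expired password is accepted "
                        "for up to %d logins" % (limit, limit))
    return findings


def grace_logins_left(attrs, grace_user_time):
    """Assumption: remaining = passwordGraceLimit - passwordGraceUserTime, never below 0."""
    limit = int({**DEFAULTS, **attrs}["passwordgracelimit"])
    return max(limit - int(grace_user_time or 0), 0)


if __name__ == "__main__":
    parsed = parse_attrs(SAMPLE_CONFIG)
    print("\n".join(audit(parsed)))
    print("grace logins left:", grace_logins_left(parsed, 1))
```
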
2.3.1.120. passwordInHistory (Number of Passwords to Remember)
Indicates the number of passwords the Directory Server stores in history. Passwords that are stored in
history cannot be reused by users. By default, the password history feature is disabled, meaning that