Server User Manual

cn=config

a grace login. The server allows only a certain number of attempts before completely locking out the

user. This attribute is the number of grace logins allowed. A value of 0 means the server does not

allow grace logins.

Parameter Description

Entry DN cn=config

Valid Values 0 (off) to any reasonable integer

Default Value 0

Syntax Integer

Example passwordGraceLimit: 3

2.3.1.118. passwordGraceUserTime

This attribute counts the number of attempts the user has made with the expired password.

This is an operational attribute, meaning its value is managed by the server and the attribute is not

returned in default searches.

Parameter Description

Entry DN cn=config

Valid Values none to any reasonable integer

Default Value none

Syntax Integer

Example passwordGraceUserTime: 1

2.3.1.119. passwordHistory (Password History)

Enables password history. Password history refers to whether users are allowed to reuse passwords.

By default, password history is disabled, and users can reuse passwords. If this attribute is set to

on, the directory stores a given number of old passwords and prevents users from reusing any

of the stored passwords. Set the number of old passwords the Directory Server stores using the

passwordInHistory attribute.

For more information on password policies, see the "Managing Users and Passwords" chapter in the

Directory Server Administrator's Guide.

Parameter Description

Entry DN cn=config

Valid Values on | off

Default Value off

Syntax DirectoryString

Example passwordHistory: on

2.3.1.120. passwordInHistory (Number of Passwords to Remember)

Indicates the number of passwords the Directory Server stores in history. Passwords that are stored in

history cannot be reused by users. By default, the password history feature is disabled, meaning that