Server User Manual

Chapter 2. Core Server Configuration Reference
the Directory Server does not store any old passwords, and so users can reuse passwords. Enable
password history using the passwordHistory attribute.
To prevent users from rapidly cycling through the number of passwords that are tracked, use the
passwordMinAge attribute.
This can be abbreviated to pwdInHistory.
For more information on password policies, see the "Managing Users and Passwords" chapter in the
Directory Server Administrator's Guide.
Parameter        Description
Entry DN         cn=config
Valid Range      2 to 24 passwords
Default Value    6
Syntax           Integer
Example          passwordInHistory: 7
2.3.1.121. passwordIsGlobalPolicy (Password Policy and Replication)
This attribute controls whether password policy attributes are replicated.
Parameter        Description
Entry DN         cn=config
Valid Values     on | off
Default Value    off
Syntax           DirectoryString
Example          passwordIsGlobalPolicy: off
2.3.1.122. passwordKeepHistory
This attribute sets whether a password history is maintained for users.
Parameter        Description
Entry DN         cn=config
Valid Values     0 (no history) or 1 (keep history)
Default Value    0
Syntax           DirectoryString
Example          passwordKeepHistory: 1
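The following is an added example, not part of this manual or of the server: a small audit of a cn=config LDIF fragment against the valid ranges, valid values and defaults in the tables above, which also flags history that is kept without a passwordMinAge. The function names and the sample LDIF are constructed for illustration, and treating a missing or zero passwordMinAge as "no minimum age" is an assumption.

```python
# Added example: audits cn=config password-history settings against the
# ranges, values and defaults listed in the parameter tables of this reference.

# Constructed sample input (not taken from a real server).
SAMPLE_LDIF = """\
dn: cn=config
passwordKeepHistory: 1
passwordInHistory: 30
passwordIsGlobalPolicy: yes
"""

def parse_entry(ldif):
    """Parse one simple LDIF entry into a dict keyed by lowercased attribute."""
    entry = {}
    for line in ldif.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        entry[name.strip().lower()] = value.strip()
    return entry

def audit(ldif):
    """Return a list of findings for the attributes documented on this page."""
    e = parse_entry(ldif)
    findings = []
    if e.get("dn", "").lower() != "cn=config":
        findings.append("entry DN is not cn=config")
    keep = e.get("passwordkeephistory", "0")                 # documented default: 0
    if keep not in ("0", "1"):
        findings.append("passwordKeepHistory must be 0 or 1")
    count = e.get("passwordinhistory", "6")                  # documented default: 6
    if not (count.isdecimal() and 2 <= int(count) <= 24):
        findings.append("passwordInHistory must be an integer from 2 to 24")
    glob = e.get("passwordisglobalpolicy", "off").lower()    # documented default: off
    if glob not in ("on", "off"):
        findings.append("passwordIsGlobalPolicy must be on or off")
    # Assumption: a missing passwordMinAge, or a value of 0, means no minimum age.
    if keep == "1" and e.get("passwordminage", "0") == "0":
        findings.append("history kept but passwordMinAge unset: "
                        "users can cycle through tracked passwords")
    if keep == "0":
        findings.append("no password history: users can reuse passwords")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LDIF):
        print("FINDING:", finding)
```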
2.3.1.123. passwordLockout (Account Lockout)
Indicates whether users are locked out of the directory after a given number of failed bind attempts.
By default, users are not locked out of the directory after a series of failed bind attempts. If account
lockout is enabled, set the number of failed bind attempts after which the user is locked out using the
passwordMaxFailure attribute.