Server User Manual
Chapter 2. Core Server Configuration Reference
68
For more information on password policies, see the "Managing Users and Passwords" chapter in the
Directory Server Administrator's Guide.
Parameter Description
Entry DN cn=config
Valid Values on | off
Default Value off
Syntax DirectoryString
Example passwordMustChange: off
2.3.1.139. passwordResetDuration
This attribute sets the amount of time that must pass after login failures before the server resets the
password retry count to zero.
For more information on password policies, see the "Managing Users and Passwords" chapter in the
Directory Server Administrator's Guide.
Parameter Description
Entry DN cn=config
Valid Range 0 to the maximum 32 bit integer value
(2147483647) in seconds
Default Value 600
Syntax Integer
Example passwordResetDuration: 600
2.3.1.140. passwordResetFailureCount (Reset Password Failure Count
After)
Indicates the amount of time in seconds after which the password failure counter resets. Each time
an invalid password is sent from the user's account, the password failure counter is incremented. If
the passwordLockout attribute is set to on, users are locked out of the directory when the counter
reaches the number of failures specified by the passwordMaxFailure attribute (within 600 seconds
by default). After the amount of time specified by the passwordLockoutDuration attribute, the
failure counter is reset to zero (0).
This can be abbreviated to pwdFailureCountInterval.
For more information on password policies, see the "Managing Users and Passwords" chapter in the
Directory Server Administrator's Guide.
Parameter Description
Entry DN cn=config
Valid Range 1 to the maximum 32 bit integer value
(2147483647) in seconds
Default Value 600
Syntax Integer