Server User Manual

Chapter 2. Core Server Configuration Reference
against hackers who try to break into the directory by repeatedly trying to guess a user's password. If
this passwordUnlock attribute is set to off and the operational attribute accountUnlockTime has
a value of 0, then the account is locked indefinitely.
For more information on password policies, see the "Managing Users and Passwords" chapter in the
Directory Server Administrator's Guide.

Parameter       Description
Entry DN        cn=config
Valid Values    on | off
Default Value   on
Syntax          DirectoryString
Example         passwordUnlock: off

2.3.1.144. passwordWarning (Send Warning)
Sets how many seconds before a user's password is due to expire the server starts sending a
password expiration warning control, which the user receives on their next LDAP operation.
Depending on the LDAP client, the user may also be prompted to change their password at the
time the warning is sent.
This can be abbreviated to pwdExpireWarning.
For more information on password policies, see the "Managing Users and Passwords" chapter in the
Directory Server Administrator's Guide.

Parameter       Description
Entry DN        cn=config
Valid Range     1 to the maximum 32-bit integer value (2147483647) in seconds
Default Value   86400 (1 day)
Syntax          Integer
Example         passwordWarning: 86400

2.3.1.145. retryCountResetTime
This attribute specifies the length of time that passes before the passwordRetryCount attribute is
reset.

Parameter       Description
Entry DN        cn=config
Valid Range     1 to any reasonable integer
Default Value   none
Syntax          Integer
Example         retryCountResetTime: 15
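
An added example, not part of the manual: a Python check over an LDIF export that flags accounts locked indefinitely (passwordUnlock set to off with accountUnlockTime of 0) and passwordWarning or retryCountResetTime values outside the ranges documented above. The sample LDIF, the user DNs and the function names are constructed for illustration.

```python
INT32_MAX = 2147483647  # upper bound the manual gives for passwordWarning
# Constructed sample export: cn=config plus two made-up user entries.
SAMPLE = """\
dn: cn=config
passwordUnlock: off
passwordWarning: 0
retryCountResetTime: 15

dn: uid=alice,ou=People,dc=example,dc=com
accountUnlockTime: 0

dn: uid=bob,ou=People,dc=example,dc=com
accountUnlockTime: 20240101000000Z
"""

def parse_ldif(text):
    """Split LDIF into dicts (lowercased attribute -> value; base64 not decoded)."""
    entries, cur, last = [], {}, None
    for line in text.splitlines() + [""]:
        if line.startswith("#"):
            continue
        if line.startswith(" ") and last:   # folded continuation line
            cur[last] += line[1:]
        elif ":" in line:
            key, _, val = line.partition(":")
            last = key.strip().lower()
            cur[last] = val.strip()
        elif cur:                            # blank line closes the entry
            entries.append(cur)
            cur, last = {}, None
    return entries

def audit(text):
    """Return findings for the three cn=config settings in this section."""
    entries = parse_ldif(text)
    cfg = next((e for e in entries if e.get("dn", "").lower() == "cn=config"), {})
    out = []
    warn = cfg.get("passwordwarning", cfg.get("pwdexpirewarning", "86400"))  # default
    if not (warn.isdigit() and 1 <= int(warn) <= INT32_MAX):
        out.append(f"passwordWarning out of range: {warn}")
    reset = cfg.get("retrycountresettime")      # no default, so only check if set
    if reset is not None and not (reset.isdigit() and int(reset) >= 1):
        out.append(f"retryCountResetTime out of range: {reset}")
    if cfg.get("passwordunlock", "on").lower() == "off":   # default is on
        out += [f"locked indefinitely: {e.get('dn')}" for e in entries
                if e.get("accountunlocktime") == "0"]
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

accountUnlockTime is an operational attribute, so an export used as input here must request it explicitly.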