HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server

291

292

293

294

295

296

297

298

299

300

dn: cn="cn=nsPwPolicyEntry,ou=people,dc=example,dc=com",

cn=nsPwPolicyContainer,ou=people,dc=example,dc=com

objectclass: top

objectclass: extensibleObject

objectclass: ldapsubentry

objectclass: passwordpolicy

• The CoS template entry (nsPwTemplateEntry) that has the pwdpolicysubentry

value pointing to the above (nsPwPolicyEntry) entry. For example:

dn: cn="cn=nsPwTemplateEntry,ou=people,dc=example,dc=com",

cn=nsPwPolicyContainer,ou=people,dc=example,dc=com

objectclass: top

objectclass: extensibleObject

objectclass: costemplate

objectclass: ldapsubentry

cosPriority: 1

pwdpolicysubentry: cn="cn=nsPwPolicyEntry,ou=people,dc=example,dc=com",

cn=nsPwPolicyContainer,ou=people,dc=example,dc=com

• The CoS specification entry at the subtree level. For example:

dn: cn=nsPwPolicy_cos,ou=people,dc=example,dc=com

objectclass: top

objectclass: LDAPsubentry

objectclass: cosSuperDefinition

objectclass: cosPointerDefinition

cosTemplateDn: cn="cn=nsPwTemplateEntry,ou=people,dc=example,dc=com",

cn=nsPwPolicyContainer,ou=people,dc=example,dc=com

cosAttribute: pwdpolicysubentry default operational

For a user (for example, uid=jdoe, ou=people, dc=example, dc=com), the following

entries are added:

• A container entry (nsPwPolicyContainer) at the parent level for holding various

password policy related entries for the user and all its children. For example:

dn: cn=nsPwPolicyContainer, ou=people, dc=example, dc=com

objectClass: top

objectClass: nsContainer

cn: nsPwPolicyContainer

• The actual password policy specification entry (nsPwPolicyEntry) for holding the

password policy attributes that are specific to the user. For example:

dn: cn="cn=nsPwPolicyEntry,uid=jdoe,ou=people,dc=example,dc=com",

cn=nsPwPolicyContainer,ou=people,dc=example,dc=com

objectclass: top

objectclass: extensibleObject

objectclass: ldapsubentry

objectclass: passwordpolicy

3. Assign the value of the above entry DN to the pwdpolicysubentry attribute of the target

entry. For example, this assigns the password policy to the user entry:

dn: uid=jdoe,ou=people,dc=example,dc=com

changetype: modify

replace: pwdpolicysubentry

pwdpolicysubentry: "cn=nsPwPolicyEntry,uid=jdoe,ou=people,dc=example,dc=com",

cn=nsPwPolicyContainer,ou=people,dc=example,dc=com

4. Set the password policy attributes of subtree or user entry with the appropriate values.

Table 32 (page 293) describes the attributes available to configure the password policy. The

ldapmodify utility can be used to change these attributes in the cn=config entry.

296 Managing User Authentication