Looking for some guidance with password policies.
About a year ago I migrated a very old instance of Red Hat Directory server to
389-ds version 126.96.36.199. I did this with a db export and import. I did not
enable the password policy which was active on the old Red Hat Directory
It has come time to (re)enable a password policy on the 389-ds instance and I
am hoping for some guidance on how to proceed. The policy would be one of
syntax and expiration requirements. All the applicable users appear to have the
require attributes (passwordexpirationtime, passwordexpwarned,
passwordgracetimeuser, passwordhistory, passwordretrycount, retrycoutresettime)
1. All the users on which the password policy should apply are under
o It should therefore be safe to apply the password policy here for subtree?
2. What is the best way to set individual users who should be exempt from
3. Some of the users who should be exempt are within nsPwPolicyContainer
under ou=People. Does this relate to question #2?
4. Given that there has been a long time passed where the password policy
has not been active, it probably makes sense to set applicable user’s
passwordexpirationtime attribute to sometime in the future so there isn’t a
flood of “password lockout” complaints?
[cid:EL-logo_7ba48a57-966c-4a07-b478-7857c99d9581.png] Kirk MacDonald | System
Eastlink | Internet
kirk.macdon...@corp.eastlink.ca T: 902.406.4969
389-users mailing list -- firstname.lastname@example.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org