Monday, October 6, 2014

Enabling password policy on Tivoli Directory Server

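Check whether the password policy is enabled (ibm-pwdPolicy=false in the output below means it is not). Note that -w puts the bind password on the command line, where it ends up in the shell history and is visible in the process list; the IBM client utilities also accept "-w ?" to prompt for the password instead: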
[root@localhost ~]# ldapsearch -D cn=root -w 123lab -p 1389 -s sub -b cn=pwdpolicy,cn=ibmpolicies objectclass=*
cn=pwdpolicy,cn=ibmpolicies
objectclass=container
objectclass=pwdPolicy
objectclass=ibm-pwdPolicyExt
objectclass=ibm-pwdGroupAndIndividualPolicies
objectclass=top
cn=pwdPolicy
pwdAttribute=userPassword
pwdInHistory=0
pwdCheckSyntax=0
pwdGraceLoginLimit=0
pwdLockoutDuration=0
pwdMaxFailure=0
pwdFailureCountInterval=0
passwordMaxRepeatedChars=0
passwordMaxConsecutiveRepeatedChars=0
pwdMaxAge=0
pwdMinAge=0
pwdExpireWarning=0
pwdMinLength=0
passwordMinAlphaChars=0
passwordMinOtherChars=0
passwordMinDiffChars=0
ibm-pwdPolicy=false
pwdLockout=false
pwdAllowUserChange=true
pwdMustChange=true
pwdSafeModify=false
ibm-pwdGroupAndIndividualEnabled=false

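Enable ibm-pwdPolicy (the LDIF below is typed on standard input after the command; LDAP attribute names are case-insensitive, so ibm-pwdpolicy refers to the same attribute):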

[root@localhost ~]# idsldapmodify -p 1389 -D cn=root -w 123lab
dn: cn=pwdpolicy,cn=ibmpolicies
changetype: modify
replace: ibm-pwdpolicy
ibm-pwdpolicy:true

Operation 0 modifying entry cn=pwdpolicy,cn=ibmpolicies

Enable ibm-pwdGroupAndIndividualEnabled (note that I used the -k option, which sends the server administration control):

[root@localhost ~]# idsldapmodify -p 1389 -D cn=root -w 123lab -k
dn: cn=pwdpolicy,cn=ibmpolicies
changetype: modify
replace: ibm-pwdGroupAndIndividualEnabled
ibm-pwdGroupAndIndividualEnabled: true

Operation 0 modifying entry cn=pwdpolicy,cn=ibmpolicies

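Now you can see that the password policy is enabled, including group and individual policies (ibm-pwdpolicy=true and ibm-pwdGroupAndIndividualEnabled=true). Note that the rule attributes in the output are all still 0 and pwdLockout=false, so no length, complexity, history, expiry or lockout rule is enforced yet; attributes such as pwdMinLength, pwdInHistory, pwdMaxAge, pwdMaxFailure and pwdLockout still have to be set before the policy restricts anything: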

[root@localhost ~]#  ldapsearch -D cn=root -w 123lab -p 1389 -s sub  -b cn=pwdpolicy,cn=ibmpolicies objectclass=*
cn=pwdpolicy,cn=ibmpolicies
objectclass=container
objectclass=pwdPolicy
objectclass=ibm-pwdPolicyExt
objectclass=ibm-pwdGroupAndIndividualPolicies
objectclass=top
cn=pwdPolicy
pwdAttribute=userPassword
pwdInHistory=0
pwdCheckSyntax=0
pwdGraceLoginLimit=0
pwdLockoutDuration=0
pwdMaxFailure=0
pwdFailureCountInterval=0
passwordMaxRepeatedChars=0
passwordMaxConsecutiveRepeatedChars=0
pwdMaxAge=0
pwdMinAge=0
pwdExpireWarning=0
pwdMinLength=0
passwordMinAlphaChars=0
passwordMinOtherChars=0
passwordMinDiffChars=0
pwdLockout=false
pwdAllowUserChange=true
pwdMustChange=true
pwdSafeModify=false
ibm-pwdpolicy=true
ibm-pwdPolicyStartTime=20141006090751Z
ibm-pwdGroupAndIndividualEnabled=true
