IBM LDAP Password policy attributes

 Password policy attributes:

  1. pwdAttribute - pwdAttribute attribute specifies the name of the attribute to which the password policy is being applied. This attribute can only be set to the userPassword attribute.
  2. pwdMinAge - pwdMinAge attribute specifies the number of seconds that must pass since the last password modification before a password can be modified again.
  3. pwdMaxAge - pwdMaxAge attribute specifies the number of seconds after which a modified password will expire (0 means the password does not expire).
  4. pwdInHistory - pwdInHistory attribute specifies the number of passwords that are stored in the pwdHistory attribute.
  5. pwdCheckSyntax - pwdCheckSyntax attribute indicates whether or not the password will be checked for syntax. '0' means syntax checking will not be enforced. '1' means the server will check the syntax, and if the server is unable to check the syntax (due to a hashed password or other reasons) the password will be accepted. '2' means the server will check the syntax, and if the server is unable to check the syntax it returns an error refusing the password.
  6. pwdMinLength - pwdMinLength attribute specifies the minimum length of the password string. The server will check the minimum length depending upon the value of the pwdCheckSyntax attribute.
  7. pwdExpireWarning - pwdExpireWarning attribute specifies the maximum number of seconds before a password is about to expire that expiration warning messages will be returned to an authenticating user.
  8. pwdGraceLoginLimit - pwdGraceLoginLimit attribute specifies the number of times an expired password can be used to authenticate a user.
  9. pwdLockout - pwdLockout attribute indicates whether or not a password may be used to authenticate after a specified number of consecutive failed bind attempts.
  10. pwdLockoutDuration - pwdLockoutDuration attribute specifies the number of seconds that the password cannot be used to authenticate once the number of failed bind attempts specified by pwdMaxFailure has been reached.
  11. pwdMaxFailure - pwdMaxFailure attribute specifies the maximum number of consecutive failed bind attempts allowed, after which the password may not be used to authenticate (0 means the value of pwdLockout will be ignored).
  12. pwdFailureCountInterval - pwdFailureCountInterval attribute specifies the number of seconds after which the password failures are removed from the failure counter even though no successful authentication has happened.
  13. pwdMustChange - pwdMustChange attribute specifies whether or not the users must change their password when they first bind to the directory after the administrator has reset their password.
  14. pwdAllowUserChange - pwdAllowUserChange attribute specifies whether or not the users are allowed to change their own passwords.
  15. pwdSafeModify - pwdSafeModify attribute specifies whether or not the existing password must be sent when changing a password.
  16. ibm-pwdPolicy - ibm-pwdPolicy attribute specifies whether the Password Policy is turned ON or OFF.
  17. passwordMinAlphaChars - passwordMinAlphaChars attribute specifies the minimum number of alphabetic characters which the password string must have. If the server is unable to check the number of alphabetic characters, then the server will continue processing depending on the value of the pwdCheckSyntax attribute.
  18. passwordMinOtherChars - passwordMinOtherChars attribute specifies the minimum number of numeric and special characters which the password string must have. If the server is unable to check the number of other characters, then the server will continue processing depending on the value of the pwdCheckSyntax attribute.
  19. passwordMaxRepeatedChars - passwordMaxRepeatedChars attribute specifies the maximum number of times a given character can be used in a password. If the server is unable to check the actual password characters, then the server will continue processing depending on the value of the pwdCheckSyntax attribute.
  20. passwordMinDiffChars - passwordMinDiffChars attribute specifies the minimum number of characters in the new password that must be different from the characters in the old password and in any passwords stored in pwdHistory. If the password has been one-way encrypted and the server is unable to check the actual password characters, then the server will continue processing depending on the value of the pwdCheckSyntax attribute.
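
The interactions between these attributes (a 0 in pwdMaxFailure cancelling pwdLockout, pwdCheckSyntax 1 accepting passwords the server cannot inspect) are easy to miss when reviewing a policy entry. The following audit script is an added example, not IBM's code; the sample entry, its DN, the TRUE/FALSE value format and the treatment of missing attributes as FALSE or 0 are assumptions.

```python
# Added example: audits a password policy entry using the attribute
# semantics listed above. The LDIF below is constructed sample data.
SAMPLE_LDIF = """\
dn: cn=pwdpolicy,cn=ibmpolicies
ibm-pwdPolicy: TRUE
pwdAttribute: userPassword
pwdMaxAge: 0
pwdCheckSyntax: 1
pwdMinLength: 12
pwdLockout: TRUE
pwdMaxFailure: 0
pwdInHistory: 5
pwdSafeModify: FALSE
"""

def parse_entry(ldif):
    """Parse one simple LDIF entry (no base64 or folded lines) into a dict."""
    entry = {}
    for line in ldif.splitlines():
        if line.strip() and not line.startswith("#"):
            name, _, value = line.partition(":")
            entry[name.strip().lower()] = value.strip()
    return entry

def is_true(entry, name):
    # Assumption: boolean attributes are stored as TRUE/FALSE strings.
    return entry.get(name.lower(), "FALSE").upper() == "TRUE"

def number(entry, name):
    # Assumption: a missing numeric attribute is treated as 0.
    return int(entry.get(name.lower(), "0"))

def audit(entry):
    """Return (attribute, finding) pairs for settings that disable a control."""
    if not is_true(entry, "ibm-pwdPolicy"):
        return [("ibm-pwdPolicy", "password policy is turned off")]
    findings = []
    if number(entry, "pwdMaxAge") == 0:
        findings.append(("pwdMaxAge", "passwords never expire"))
    if is_true(entry, "pwdLockout") and number(entry, "pwdMaxFailure") == 0:
        findings.append(("pwdMaxFailure", "0 causes pwdLockout to be ignored"))
    syntax = number(entry, "pwdCheckSyntax")
    if syntax == 0:
        findings.append(("pwdCheckSyntax", "syntax rules are not enforced"))
    elif syntax == 1:
        findings.append(("pwdCheckSyntax", "uncheckable (hashed) passwords are accepted"))
    if not is_true(entry, "pwdSafeModify"):
        findings.append(("pwdSafeModify", "existing password not required on change"))
    return findings
```

Calling `audit(parse_entry(SAMPLE_LDIF))` on the sample entry returns four findings; an entry with pwdCheckSyntax set to 2, non-zero pwdMaxAge and pwdMaxFailure, and pwdSafeModify TRUE returns none.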

 Product Alias/Synonym

TDS
ITDS
IDS