Friday, September 10, 2021

[389-users] Re: global passwd policy for DS with existing users

On 9/10/21 1:46 PM, Ghiurea, Isabella wrote:

Hi List,

I need your expertise  , I am looking to configure global  password policy for an existing DS  with  aprox 7 k users, at present we are using only the userPassword attribute  , no extra password plugins or  attributes are  enabled , the DS is running

What is the  less intrusive  solution to implement  a  global Password Policy  and cfg  attributes  for all   existing user accounts  without sending each user emails notification to reset their password ?  I  understand the Password Policy will take effect  only after the users passwords  are  reset , is this correct ?


You are not being specific about what password policy you want to implement, there are countless variations.  Some require the password to be reset to start working, others do not.  So please let us know exactly what you want to implement from password policy so we can answer your questions.  For example there is password history, password expiration, password warning, grace periods, syntax checking, account lockout, etc. Each one has its own behavior and configuration.

If you are not sure what you want to implement then I recommend looking over the admin guide to see more details on the password policy options:



_______________________________________________  389-users mailing list --  To unsubscribe send an email to  Fedora Code of Conduct:  List Guidelines:  List Archives:  Do not reply to spam on the list, report it:  
--   Directory Server Development Team

No comments:

Post a Comment