I need your expertise , I am looking to configure global password policy for an existing DS with aprox 7 k users, at present we are using only the userPassword attribute , no extra password plugins or attributes are enabled , the DS is running 220.127.116.11-24.el7_5.x86_64
What is the less intrusive solution to implement a global Password Policy and cfg attributes for all existing user accounts without sending each user emails notification to reset their password ? I understand the Password Policy will take effect only after the users passwords are reset , is this correct ?
You are not being specific about what password policy you want to implement, there are countless variations. Some require the password to be reset to start working, others do not. So please let us know exactly what you want to implement from password policy so we can answer your questions. For example there is password history, password expiration, password warning, grace periods, syntax checking, account lockout, etc. Each one has its own behavior and configuration.
If you are not sure what you want to implement then I recommend looking over the admin guide to see more details on the password policy options:
_______________________________________________ 389-users mailing list -- firstname.lastname@example.org To unsubscribe send an email to email@example.com Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://firstname.lastname@example.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
-- Directory Server Development Team