LDAP Admin - Password Policy
Password Policy by John 'Profic' Ustiuzhanin
ver 1.0
Template for Password Policy entry (OpenLDAP ppolicy overlay)
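<template>
  <!--
    LDAP Admin template for creating a password policy entry (objectClass
    pwdPolicy) for the OpenLDAP ppolicy overlay.

    Review notes:
    * No numeric or boolean field below carries a preset value. Per
      slapo-ppolicy(5), an absent or zero value switches most of these
      controls off (no expiry, no lockout, no history, no minimum length),
      so an entry saved with blank fields enforces very little. How this
      tool writes blank fields is not shown here; confirm before relying on it.
    * Creating the entry does not by itself enforce anything. The overlay has
      to be loaded on the database and the entry has to be referenced, either
      as the overlay default (ppolicy_default) or per user through
      pwdPolicySubentry.
    * All durations are in seconds.
  -->
  <name>Password Policy</name>
  <description>Template for Password Policy entry (OpenLDAP ppolicy overlay)</description>
  <version>1.0</version>
  <author>John 'Profic' Ustiuzhanin</author>
  <email>profic@gmail.com</email>
  <rdn>cn</rdn>

  <!-- Fixed object classes: applicationProcess gives the entry its cn,
       pwdPolicy carries the policy attributes. -->
  <attribute>
    <name>objectClass</name>
    <value>applicationProcess</value>
    <value>pwdPolicy</value>
  </attribute>

  <control type="panel">
    <caption>Identification</caption>
    <bevel>frame</bevel>
    <attribute type="text">
      <name>cn</name>
      <description>Common name for entry</description>
    </attribute>
    <attribute type="text">
      <name>description</name>
      <description>Description of entry</description>
    </attribute>
  </control>

  <!-- The policy is bound to userPassword; the value is fixed and not shown
       as an editable field. -->
  <attribute>
    <name>pwdAttribute</name>
    <value>userPassword</value>
  </attribute>

  <control type="panel">
    <caption>Password expiration</caption>
    <bevel>frame</bevel>
    <!-- Absent or 0: a user may change the password again immediately, which
         lets password history be cycled through in one sitting. -->
    <attribute type="integer">
      <name>pwdMinAge</name>
      <description>Minimum time before users are allowed to change their passwords (in seconds)</description>
    </attribute>
    <!-- Absent or 0: passwords never expire. -->
    <attribute type="integer">
      <name>pwdMaxAge</name>
      <description>Maximum time before users are forced to change their passwords (in seconds)</description>
    </attribute>
    <!-- Absent or 0: no expiry warning is returned. Warnings presumably only
         reach clients that request the password policy control; verify with
         the clients in use. -->
    <attribute type="integer">
      <name>pwdExpireWarning</name>
      <description>Time to issue a warning before user passwords are due to expire (in seconds)</description>
    </attribute>
    <!-- Absent or 0: authentication fails as soon as the password expires. -->
    <attribute type="integer">
      <name>pwdGraceAuthNLimit</name>
      <description>Number of times users may use their expired passwords</description>
    </attribute>
  </control>

  <control type="panel">
    <caption>Account lockout</caption>
    <bevel>frame</bevel>
    <!-- Lockout only acts together with a non-zero pwdMaxFailure. -->
    <attribute type="boolean">
      <name>pwdLockout</name>
      <description>Lockout account after specified number of failed login attempts</description>
      <control type="checkbox">
        <true>TRUE</true>
        <false>FALSE</false>
      </control>
    </attribute>
    <!-- Absent or 0: a locked account stays locked until an administrator
         resets it. Weigh this against the denial-of-service exposure of
         anyone being able to lock an account by failing binds against it. -->
    <attribute type="integer">
      <name>pwdLockoutDuration</name>
      <description>Time to lockout account (in seconds)</description>
    </attribute>
    <!-- Absent or 0: failures are not counted and pwdLockout has no effect. -->
    <attribute type="integer">
      <name>pwdMaxFailure</name>
      <description>Number of consecutive failed login attempts to lockout account</description>
    </attribute>
    <!-- Absent or 0: the failure count is cleared only by a successful
         authentication. -->
    <attribute type="integer">
      <name>pwdFailureCountInterval</name>
      <description>Time to reset number of failed login attempts (in seconds)</description>
    </attribute>
  </control>

  <control type="panel">
    <caption>Password changing and quality</caption>
    <bevel>frame</bevel>
    <!-- Treated as TRUE when absent. This does not replace an ACL on
         userPassword; access control still has to permit or deny the write. -->
    <attribute type="boolean">
      <name>pwdAllowUserChange</name>
      <description>Allow users to change their passwords</description>
      <control type="checkbox">
        <true>TRUE</true>
        <false>FALSE</false>
      </control>
    </attribute>
    <attribute type="boolean">
      <name>pwdMustChange</name>
      <description>Force users to change their passwords after administrative reset</description>
      <control type="checkbox">
        <true>TRUE</true>
        <false>FALSE</false>
      </control>
    </attribute>
    <!-- When TRUE, a change request must carry the current password, so a
         hijacked session alone is not enough to replace it. -->
    <attribute type="boolean">
      <name>pwdSafeModify</name>
      <description>Force users to send current passwords along with new ones when changing them</description>
      <control type="checkbox">
        <true>TRUE</true>
        <false>FALSE</false>
      </control>
    </attribute>
    <!-- Absent or 0: no history is kept and old passwords can be reused. -->
    <attribute type="integer">
      <name>pwdInHistory</name>
      <description>Passwords to store in history</description>
    </attribute>
    <!-- The server cannot inspect a password that arrives already hashed by
         the client. With value 1 such a password is accepted unchecked; with
         value 2 it is rejected. Value 0 disables checking, including the
         pwdMinLength test below. -->
    <attribute type="integer">
      <name>pwdCheckQuality</name>
      <description>Check password quality</description>
      <control type="combolist">
        <items>
          <item>
            <value>0</value>
            <caption>Do not check quality</caption>
          </item>
          <item>
            <value>1</value>
            <caption>Check quality and accept if can't do it</caption>
          </item>
          <item>
            <value>2</value>
            <caption>Check quality and reject if can't do it</caption>
          </item>
        </items>
      </control>
    </attribute>
    <!-- Only enforced while pwdCheckQuality is non-zero. Absent or 0: no
         minimum length. -->
    <attribute type="integer">
      <name>pwdMinLength</name>
      <description>Minimum number of characters in password</description>
    </attribute>
  </control>
</template>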