| 9 |
- |
1 |
# $OpenLDAP$
|
|
|
2 |
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
|
|
|
3 |
##
|
|
|
4 |
## Copyright 2004-2014 The OpenLDAP Foundation.
|
|
|
5 |
## All rights reserved.
|
|
|
6 |
##
|
|
|
7 |
## Redistribution and use in source and binary forms, with or without
|
|
|
8 |
## modification, are permitted only as authorized by the OpenLDAP
|
|
|
9 |
## Public License.
|
|
|
10 |
##
|
|
|
11 |
## A copy of this license is available in the file LICENSE in the
|
|
|
12 |
## top-level directory of the distribution or, alternatively, at
|
|
|
13 |
## <http://www.OpenLDAP.org/license.html>.
|
|
|
14 |
#
|
|
|
15 |
## Portions Copyright (C) The Internet Society (2004).
|
|
|
16 |
## Please see full copyright statement below.
|
|
|
17 |
#
|
|
|
18 |
# Definitions from Draft behera-ldap-password-policy-07 (a work in progress)
|
|
|
19 |
# Password Policy for LDAP Directories
|
|
|
20 |
# With extensions from Hewlett-Packard:
|
|
|
21 |
# pwdCheckModule etc.
|
|
|
22 |
#
|
|
|
23 |
# Contents of this file are subject to change (including deletion)
|
|
|
24 |
# without notice.
|
|
|
25 |
#
|
|
|
26 |
# Not recommended for production use!
|
|
|
27 |
# Use with extreme caution!
|
|
|
28 |
#
|
|
|
29 |
# This file was automatically generated from ppolicy.schema; see that file
|
|
|
30 |
# for complete references.
|
|
|
31 |
#
|
|
|
32 |
dn: cn=ppolicy,cn=schema,cn=config
|
|
|
33 |
objectClass: olcSchemaConfig
|
|
|
34 |
cn: ppolicy
|
|
|
35 |
olcAttributeTypes: {0}( 1.3.6.1.4.1.42.2.27.8.1.1 NAME 'pwdAttribute' EQUALITY
|
|
|
36 |
objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
|
|
|
37 |
olcAttributeTypes: {1}( 1.3.6.1.4.1.42.2.27.8.1.2 NAME 'pwdMinAge' EQUALITY in
|
| 34 |
- |
38 |
tegerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
|
|
|
39 |
SINGLE-VALUE )
|
| 9 |
- |
40 |
olcAttributeTypes: {2}( 1.3.6.1.4.1.42.2.27.8.1.3 NAME 'pwdMaxAge' EQUALITY in
|
| 34 |
- |
41 |
tegerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
|
|
|
42 |
SINGLE-VALUE )
|
| 9 |
- |
43 |
olcAttributeTypes: {3}( 1.3.6.1.4.1.42.2.27.8.1.4 NAME 'pwdInHistory' EQUALITY
|
| 34 |
- |
44 |
integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1
|
|
|
45 |
.27 SINGLE-VALUE )
|
| 9 |
- |
46 |
olcAttributeTypes: {4}( 1.3.6.1.4.1.42.2.27.8.1.5 NAME 'pwdCheckQuality' EQUAL
|
| 34 |
- |
47 |
ITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.12
|
|
|
48 |
1.1.27 SINGLE-VALUE )
|
| 9 |
- |
49 |
olcAttributeTypes: {5}( 1.3.6.1.4.1.42.2.27.8.1.6 NAME 'pwdMinLength' EQUALITY
|
| 34 |
- |
50 |
integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.
|
|
|
51 |
1.27 SINGLE-VALUE )
|
| 9 |
- |
52 |
olcAttributeTypes: {6}( 1.3.6.1.4.1.42.2.27.8.1.7 NAME 'pwdExpireWarning' EQUA
|
| 34 |
- |
53 |
LITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.
|
|
|
54 |
121.1.27 SINGLE-VALUE )
|
| 9 |
- |
55 |
olcAttributeTypes: {7}( 1.3.6.1.4.1.42.2.27.8.1.8 NAME 'pwdGraceAuthNLimit' EQ
|
| 34 |
- |
56 |
UALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.11
|
|
|
57 |
5.121.1.27 SINGLE-VALUE )
|
| 9 |
- |
58 |
olcAttributeTypes: {8}( 1.3.6.1.4.1.42.2.27.8.1.9 NAME 'pwdLockout' EQUALITY b
|
|
|
59 |
ooleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
|
|
|
60 |
olcAttributeTypes: {9}( 1.3.6.1.4.1.42.2.27.8.1.10 NAME 'pwdLockoutDuration' E
|
| 34 |
- |
61 |
QUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.1
|
|
|
62 |
15.121.1.27 SINGLE-VALUE )
|
| 9 |
- |
63 |
olcAttributeTypes: {10}( 1.3.6.1.4.1.42.2.27.8.1.11 NAME 'pwdMaxFailure' EQUAL
|
| 34 |
- |
64 |
ITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.1
|
|
|
65 |
21.1.27 SINGLE-VALUE )
|
| 9 |
- |
66 |
olcAttributeTypes: {11}( 1.3.6.1.4.1.42.2.27.8.1.12 NAME 'pwdFailureCountInter
|
| 34 |
- |
67 |
val' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.
|
|
|
68 |
1466.115.121.1.27 SINGLE-VALUE )
|
| 9 |
- |
69 |
olcAttributeTypes: {12}( 1.3.6.1.4.1.42.2.27.8.1.13 NAME 'pwdMustChange' EQUAL
|
|
|
70 |
ITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
|
|
|
71 |
olcAttributeTypes: {13}( 1.3.6.1.4.1.42.2.27.8.1.14 NAME 'pwdAllowUserChange'
|
|
|
72 |
EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
|
|
|
73 |
olcAttributeTypes: {14}( 1.3.6.1.4.1.42.2.27.8.1.15 NAME 'pwdSafeModify' EQUAL
|
|
|
74 |
ITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
|
|
|
75 |
olcAttributeTypes: {15}( 1.3.6.1.4.1.4754.1.99.1 NAME 'pwdCheckModule' DESC 'L
|
|
|
76 |
oadable module that instantiates "check_password() function' EQUALITY caseExa
|
|
|
77 |
ctIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
|
|
78 |
olcObjectClasses: {0}( 1.3.6.1.4.1.4754.2.99.1 NAME 'pwdPolicyChecker' SUP top
|
|
|
79 |
AUXILIARY MAY pwdCheckModule )
|
|
|
80 |
olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.8.2.1 NAME 'pwdPolicy' SUP top AUXI
|
|
|
81 |
LIARY MUST pwdAttribute MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheck
|
|
|
82 |
Quality $ pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout $
|
|
|
83 |
pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $ pwdMustChange
|
|
|
84 |
$ pwdAllowUserChange $ pwdSafeModify ) )
|