Table 3–3 – Sun Microsystems 8190994 User Manual
Page 43
password policy are stored in the entry cn=Password Policy,cn=config. Note that in
Directory Server 5.1, password policy attributes were located directly under cn=config.
Directory Server 6.0 introduces the new pwdPolicy object class. The attributes of this object
class replace the old password policy attributes. For a description of these new attributes see the
pwdPolicy(5dsoc)
man page.
By default, the new password policy is backward compatible with the old password policy.
However, because backward compatibility is not guaranteed indefinitely, you should migrate to
the new password policy as soon as is convenient for your deployment. For information about
password policy compatibility, see
“Password Policy Compatibility” on page 75
The following table provides a mapping of the new password policy attributes whose values
must be migrated from the legacy attributes.
TABLE 3–3
Mapping Between 5 and 6.0 Password Policy Attributes
Legacy Directory Server Attribute
Directory Server 6.0 Attribute
- (password policy is applied to the userPassword
attribute only.)
pwdAttribute
passwordMinAge
pwdMinAge
passwordMaxAge
pwdMaxAge
passwordInHistory
pwdInHistory
passwordSyntax
pwdCheckQuality
passwordMinLength
pwdMinLength
passwordWarning
pwdExpireWarning
-
pwdGraceLoginLimit
passwordMustChange
pwdMustChange
passwordChange
pwdAllowUserChange
-
pwdSafeModify
passwordExp
-
passwordStorageScheme
-
passwordExpireWithoutWarning
-
passwordLockout
pwdLockout
passwordLockoutDuration
pwdLockoutDuration
passwordMaxFailure
pwdMaxFailure
Migrating Configuration Data Manually
Chapter 3 • Migrating Directory Server Manually
43
Sun Confidential: Registered