Administration Guide › Manage User Accounts and Passwords › Create a Password Policy › Example Password Policies › Example: Multiple Password Policies

Example: Multiple Password Policies

In this example, a single DSA contains two types of users: users and administrators. Each user type has its own password policy.

The Default policy contains settings that are common to both policies. However some of these are overridden.

The directory architect has created the following password policy:

• No password may contain the user name.
• The two types of users have different minimum password lengths:
  • Administrators: At least 12 characters
  • Users: At least 8 characters
• Administrator passwords must contain at least two numbers and at least one uppercase letter.
• Users must change their passwords at least every 30 days.

Here is the configuration for these policies:

set password-policy = true;
set password-username-substring = true;
set password-min-length = 12;

set target-password-policy = Admin; 
set password-numeric    = 2;
set password-uppercase   = 1;

set target-password-policy = Users;
set password-min-length = 8;
set password-age = 30;

After creating the password policies, assign the policies to the relevant users:

dn: cn=admin,ou=Administrators,c=au
objectClass: inetOrgperson
dxPwdPolicy: Admin

dn: cn=John Smith,ou=Users,c=au
objectClass: inetOrgperson
dxPwdPolicy: Users

More information:

Create Multiple Password Policies for Each DSA