Some applications implement password policy by binding as a single user. All password comparisons and modifications are then performed by that user on behalf of all users. This can be used because SSL is expensive to establish, which means that allowing each user to create an SSL connection may be impractical.
This means that if someone binds as a different user for account administration reasons, password checks and changes to password policy are ignored.
To apply password policies to a proxy user
set password-proxy-user = DN;
When an application binds as this password proxy user, the password policy is applied to password compares and modifications.
Copyright © 2009 CA. All rights reserved. | Email CA about this topic |