If your CA Directory DSA uses password policies and it is replicated to another LDAP directory, you can replicate some password policy attributes to the other LDAP directory.
To replicate password policy attributes to another LDAP directory
ldap-names = attribute-name
Note: Any password policy attributes that are not marked with ldap-names are not included in the replicated update. If no attributes are included, then the update is not sent.
set password-netscape-op-attrs = true | false;
Example: Replicate Two Password Attributes to a SunONE Directory
In this example, your directory backbone includes a SunONE directory, which is kept synchronized with the CA Directory DSA by multiwrite replication.
Your SunONE directory uses the following password attributes:
SunONE Attribute | Equivalent CA Directory Attribute |
---|---|
nsAccountLock | dxPwdLocked |
passwordRetryCount | dxPwdFailedAttempts |
To include these attributes in the replication, do the following:
schema set attribute dxserver-attr:11 = { name = dxPwdFailedAttempts ldap-names = passwordRetryCount syntax = integer single-valued no-user-modification };
schema set attribute dxserver-attr:14 = { name = dxPwdLocked ldap-names = nsAccountLock syntax = boolean };
set password-netscape-op-attrs = true;
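The following Python check is an added example, not part of the CA Directory documentation or tooling: it reads schema statements in the syntax shown above and reports which password policy attributes carry an ldap-names mapping (and so are included in the replicated update) and which do not. It assumes that password policy attributes are those whose name starts with dxPwd; the sample configuration is constructed, and dxPwdExampleUnmapped and dxserver-attr:99 are hypothetical.

```python
import re

# Constructed sample in the syntax shown on this page. The third attribute
# (dxserver-attr:99 / dxPwdExampleUnmapped) is hypothetical and has no ldap-names.
SAMPLE_CONFIG = """
schema set attribute dxserver-attr:11 = { name = dxPwdFailedAttempts ldap-names = passwordRetryCount syntax = integer single-valued no-user-modification };
schema set attribute dxserver-attr:14 = { name = dxPwdLocked ldap-names = nsAccountLock syntax = boolean };
schema set attribute dxserver-attr:99 = { name = dxPwdExampleUnmapped syntax = integer };
set password-netscape-op-attrs = true;
"""

ATTR_RE = re.compile(r"schema\s+set\s+attribute\s+(\S+)\s*=\s*\{(.*?)\}\s*;", re.S)
NAME_RE = re.compile(r"\bname\s*=\s*(\S+)")
LDAP_RE = re.compile(r"\bldap-names\s*=\s*(\S+)")
FLAG_RE = re.compile(r"set\s+password-netscape-op-attrs\s*=\s*(true|false)\s*;")


def audit(config_text):
    """Report which dxPwd* attributes are mapped for replication."""
    mapped, unmapped = {}, []
    for _attr_id, body in ATTR_RE.findall(config_text):
        name = NAME_RE.search(body)
        # Assumption: password policy attributes are named dxPwd*.
        if not name or not name.group(1).startswith("dxPwd"):
            continue
        ldap = LDAP_RE.search(body)
        if ldap:
            mapped[name.group(1)] = ldap.group(1)
        else:
            unmapped.append(name.group(1))
    flag = FLAG_RE.search(config_text)
    return {
        "mapped": mapped,          # included in the replicated update
        "unmapped": unmapped,      # no ldap-names: left out of the update
        "netscape_op_attrs": (flag.group(1) == "true") if flag else None,
        # With no mapped attributes, the page states the update is not sent.
        "has_mapped_attrs": bool(mapped),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```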
Copyright © 2011 CA. All rights reserved.