Replicate Password Policy Attributes to Another LDAP Directory

If your CA Directory DSA uses password policies and it is replicated to another LDAP directory, you can replicate some password policy attributes to the other LDAP directory.

To replicate password policy attributes to another LDAP directory

  1. Decide which password policy attributes are to be replicated to the other LDAP directory.
  2. For each attribute to be replicated, add the following line to the attribute definition in the dxserver.dxc schema file:
    ldap-names = attribute-name
    

    Note: Any password policy attributes that are not marked with ldap-names are not included in the replicated update. If no attributes are included, then the update is not sent.

  3. Add the following command and set it to true (the command accepts either true or false):
    set password-netscape-op-attrs = true | false;
    
  4. Initialize the CA Directory DSAs.

Example: Replicate Two Password Attributes to a SunONE Directory

In this example, your directory backbone includes a SunONE directory. This is kept synchronized by multiwrite replication between the CA Directory DSA and the SunONE directory.

Your SunONE directory uses the following password attributes:

    SunONE Attribute        Equivalent CA Directory Attribute
    nsAccountLock           dxPwdLocked
    passwordRetryCount      dxPwdFailedAttempts

To include these attributes in the replication, do the following:

  1. In the dxserver.dxc schema file, find the definitions for the two CA Directory attributes.
  2. Add the ldap-names line to each of these attribute definitions, as shown here:
    schema set attribute dxserver-attr:11 = {
     name = dxPwdFailedAttempts
     ldap-names = passwordRetryCount
     syntax = integer
     single-valued
     no-user-modification
    };
    
    schema set attribute dxserver-attr:14 = {
     name = dxPwdLocked
     ldap-names = nsAccountLock
     syntax = boolean
    };
    
  3. Add the following command to a .dxc file used by the CA Directory DSA:
    set password-netscape-op-attrs = true;
    
  4. Initialize the CA Directory DSA.
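Because any password policy attribute without an ldap-names line is silently left out of the replicated update, it is worth checking the schema before initializing the DSAs. The following script is an added example, not part of this page or a CA Directory tool: it parses the "schema set attribute ... = { ... };" block layout shown above from a constructed sample and reports which dxPwd attributes will be replicated and which will be skipped. The sample's third block (dxserver-attr:99, dxPwdPlaceholderAttr) is a made-up placeholder, not a real CA Directory attribute.

```python
import re

# Constructed sample of dxserver.dxc-style schema blocks (not a real schema file).
# The third block is a made-up placeholder attribute with no ldap-names mapping.
SAMPLE_DXC = """\
schema set attribute dxserver-attr:11 = {
 name = dxPwdFailedAttempts
 ldap-names = passwordRetryCount
 syntax = integer
 single-valued
 no-user-modification
};

schema set attribute dxserver-attr:14 = {
 name = dxPwdLocked
 ldap-names = nsAccountLock
 syntax = boolean
};

schema set attribute dxserver-attr:99 = {
 name = dxPwdPlaceholderAttr
 syntax = integer
};
"""

# One "schema set attribute <id> = { ... };" block per match; the body is group 2.
BLOCK_RE = re.compile(r"schema\s+set\s+attribute\s+(\S+)\s*=\s*\{(.*?)\};", re.S)

def parse_schema_attributes(text):
    """Map attribute name -> {'id': block id, 'ldap-names': LDAP name or None}."""
    attrs = {}
    for block_id, body in BLOCK_RE.findall(text):
        fields = {}
        for line in body.splitlines():
            if "=" in line:  # flags such as single-valued carry no '=' and are skipped
                key, value = line.split("=", 1)
                fields[key.strip()] = value.strip()
        if "name" in fields:
            attrs[fields["name"]] = {"id": block_id, "ldap-names": fields.get("ldap-names")}
    return attrs

def replication_report(text, prefix="dxPwd"):
    """Return (replicated {attr: ldap name}, skipped [attr]) for password policy attributes."""
    attrs = parse_schema_attributes(text)
    pwd = {n: a for n, a in attrs.items() if n.startswith(prefix)}
    replicated = {n: a["ldap-names"] for n, a in pwd.items() if a["ldap-names"]}
    skipped = sorted(n for n, a in pwd.items() if not a["ldap-names"])
    return replicated, skipped
```

Run replication_report on the text of your own dxserver.dxc; an empty replicated dictionary means no password policy update will be sent at all.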

More information:

set password-netscape-op-attrs Command