Designing a Password PolicyChapter 8 Designing a Secure Directory 169In addition to bind requests, password policy also occurs during add and modifyoperations if the userPassword attribute (which is explained in the section thatfollows) is present in the request.• If you try to modify userPassword, the password minimum age policy isactivated, and, if it is too soon to allow the change, the server will return aconstraintViolation error. The password will not be changed.• If you try to add or modify userPassword, the password syntax checking andpassword minimum length policies are activated. If the userPassword lengthis less than the minimum length, the server will return aconstraintViolation error. The password will not be changed.• If you try to modify userPassword, the password history policy is activated. IfuserPassword is in the history or userPassword is the same as the currentpassword, the server will return a constraintViolation error. The passwordwill not be changed.• If you try to add or modify userPassword, the password syntax checkingpolicy is activated, and, if userPassword is the value of another attribute of theentry, the server will return a constraintViolation error. The password willnot be changed.Password Policy AttributesThis section describes the attributes you set to create a password policy for yourserver. For instructions to set these attributes, check the Red Hat Directory ServerAdministrator’s Guide.The attributes are described in the following sections:• Password Change after Reset• User-Defined Passwords• Password Expiration• Expiration Warning• Grace Login Limit• Password Syntax Checking• Password Length• Password Minimum Age• Password History
