6.1 Assigning the Password Policy Object to Driver Sets

You must assign the DirMXL-PasswordPolicy object to each driver set in a tree in the Identity Vault. The integrated installation process does not add the policy object to the Identity Vault. However, you can create the object.

6.1.1 Creating the Password Policy Object

If the DirMXL-PasswordPolicy object does not exist in the Identity Vault, use the following steps to create it.

  1. In a text editor, create an LDAP Data Interchange Format (LDIF) file with the following attributes:

    dn: cn=DirXML-PasswordPolicy,cn=Password Policies,cn=Security 
    changetype: add 
    nsimPwdRuleEnforcement: FALSE 
    nspmSpecialAsLastCharacter: TRUE 
    nspmSpecialAsFirstCharacter: TRUE 
    nspmSpecialCharactersAllowed: TRUE 
    nspmNumericAsLastCharacter: TRUE 
    nspmNumericAsFirstCharacter: TRUE 
    nspmNumericCharactersAllowed: TRUE 
    nspmMaximumLength: 64 
    nspmConfigurationOptions: 596 
    passwordUniqueRequired: FALSE 
    passwordMinimumLength: 1 
    passwordAllowChange: TRUE 
    objectClass: nspmPasswordPolicy 
    
    
    dn: cn=DirXML-PasswordPolicy,cn=Password Policies,cn=Security 
    changetype: modify 
    add: nsimAssignments 
    nsimAssignments: <driverset LDAP dn>

    NOTE:Copying the content as is might insert some hidden special characters in the file. If you receive a ldif_record() = 17 error message when you add these attributes to the Identity Vault, insert an extra space between the two DNs.

  2. To add the DirMXL-PasswordPolicy object in the Identity Vault, import the attributes from the file by performing one of the following actions:

    Linux:

    From the directory containing the ldapmodify utility, enter the following command:

    ldapmodify -x -c -h hostname_or_IP_address -p 389 -D "cn=admin,ou=sa,o=system" -w password -f path_to_ldif_file

    For example:

    ldapmodify -x -ZZ -c -h server1.test.com -p 389 -D "cn=admin,ou=sa,o=system" -w test123 -f /root/dirxmlpasswordpolicy.ldif

    The ldapmodify utility is located by default in the /opt/novell/eDirectory/bin directory.

    Windows:

    Run ldapmodify.exe from the install/utilities directory of the Identity Manager installation kit.

6.1.2 Assigning the Password Policy Object

You must assign the DirMXL-PasswordPolicy object to each driver set in a tree. For more information, see Creating Password Policies in the Password Management Administration Guide.