If a password policy is specified for this token, NMAS uses this policy for generating passwords. For successful password generation, this password policy must exclude the rules that requires a user object lookup in eDirectory. For example, you should not use a policy to generate passwords using the generate password token if it requires the newly created password to be different from the user's password history that needs eDirectory user object lookup for comparison. Instead, create a new password policy similar to the existing password policy and exclude the rules that require a user lookup in eDirectory. Do not assign the new password policy to the user container. Instead, use it only to generate the random password for users from the Identity Manager policies when the user is added.
<token-generate-password policy-dn="..\my password policy"/>
EMPTY
Attribute |
Possible Values |
Default Value |
---|---|---|
notrace |
true | false True if this element should not be traced during execution of the policy. |
false |
policy-dn |
CDATA Slash form DN of a nspmPasswordPolicy object. Can be relative to the including policy. Supports variable expansion. |
#IMPLIED |
Empty
Element |
Description |
---|---|
Association argument. |
|
Component argument. |
|
DN argument. |
|
Node set argument. |
|
Password argument. |
|
String argument. |
|
Value argument. |
|
Decode base64 data into a string. |
|
Encode a string into base64 data. |
|
Convert a data/time from one format to another format. |
|
Convert a string for use in the destination DN. |
|
Convert a string for use in a source DN. |
|
Join a node set into a string. |
|
Convert a string to lowercase. |
|
Map a string through a mapping table. |
|
Parses or converts a DN. |
|
Replaces all instances of a substring with a string. |
|
Replaces a single instance of a substring within a string. |
|
Splits a string into a node set. |
|
Substring of a string. |
|
Converts a string to uppercase. |
|
Parses XML. |
|
Serializes XML. |