6.1 Assigning the Password Policy Object to Driver Sets

You must assign the DirXML-PasswordPolicy object to each driver set in a tree in the Identity Vault. The integrated installation process does not add the policy object to the Identity Vault. However, you can create the object.

6.1.1 Creating the Password Policy Object

If the DirXML-PasswordPolicy object does not exist in the Identity Vault, use the following steps to create it.

  1. In a text editor, create an LDAP Data Interchange Format (LDIF) file with the following attributes:

    dn: cn=DirXML-PasswordPolicy,cn=Password Policies,cn=Security
    changetype: add
    nsimPwdRuleEnforcement: FALSE
    nspmSpecialAsLastCharacter: TRUE
    nspmSpecialAsFirstCharacter: TRUE
    nspmSpecialCharactersAllowed: TRUE
    nspmNumericAsLastCharacter: TRUE
    nspmNumericAsFirstCharacter: TRUE
    nspmNumericCharactersAllowed: TRUE
    nspmMaximumLength: 64
    nspmConfigurationOptions: 596
    passwordUniqueRequired: FALSE
    passwordMinimumLength: 1
    passwordAllowChange: TRUE
    objectClass: nspmPasswordPolicy

    dn: cn=DirXML-PasswordPolicy,cn=Password Policies,cn=Security
    changetype: modify
    add: nsimAssignments
    nsimAssignments: <driverset LDAP dn>
    

    NOTE: Copying the content as is might insert some hidden special characters in the file. If you receive an ldif_record() = 17 error message when you add these attributes to the Identity Vault, insert an extra space between the two DNs.

  2. To add the DirXML-PasswordPolicy object to the Identity Vault, import the attributes from the file by performing one of the following actions:

    Linux:

    From the directory containing the ldapmodify utility, enter the following command:

    ldapmodify -x -c -h hostname_or_IP_address -p 389 -D "cn=admin,ou=sa,o=system" -w password -f path_to_ldif_file
    

    For example, with -ZZ added to require a successful StartTLS before the bind:

    ldapmodify -x -ZZ -c -h server1.test.com -p 389 -D "cn=admin,ou=sa,o=system" -w test123 -f /root/dirxmlpasswordpolicy.ldif
    

    The ldapmodify utility is located by default in the /opt/novell/eDirectory/bin directory.

    Windows:

    Run ldapmodify.exe from the install/utilities directory of the Identity Manager installation kit.
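
The NOTE in step 1 warns that pasted text can carry hidden characters. The following shell function is an added example, not part of the product documentation: before the import in step 2 it checks the LDIF file for bytes outside printable ASCII, trailing or whitespace-only lines, and records that are not separated by an empty line. The shortened sample records and the driver set DN cn=driverset1,o=system are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the product documentation.
# check_ldif FILE: print each finding; exit status 0 = clean, 1 = findings.
check_ldif() {
    LC_ALL=C awk '
        BEGIN { sep = 1 }              # start of file counts as a separator
        { sub(/\r$/, "") }             # CRLF line endings are valid LDIF
        /[^ -~]/ {                     # byte outside printable ASCII
            printf "line %d: non-ASCII or control byte\n", NR; bad = 1
        }
        /^$/ { sep = 1; next }         # only a truly empty line ends a record
        /^[ \t]+$/ {
            printf "line %d: whitespace-only line is not a separator\n", NR
            bad = 1; next
        }
        /^#/ { next }                  # comment line
        /[ \t]$/ {
            printf "line %d: trailing whitespace\n", NR; bad = 1
        }
        /^version:/ { next }           # a dn: may follow version: directly
        /^dn:/ {
            if (!sep) {
                printf "line %d: dn: not preceded by an empty line\n", NR
                bad = 1
            }
            records++
        }
        { sep = 0 }
        END { printf "%d record(s) found\n", records; exit bad + 0 }
    ' "$1"
}

# Constructed sample: shortened versions of the two records from step 1,
# with a placeholder driver set DN (assumption, replace with your own).
sample=$(mktemp)
printf '%s\n' \
    'dn: cn=DirXML-PasswordPolicy,cn=Password Policies,cn=Security' \
    'changetype: add' \
    'objectClass: nspmPasswordPolicy' \
    '' \
    'dn: cn=DirXML-PasswordPolicy,cn=Password Policies,cn=Security' \
    'changetype: modify' \
    'add: nsimAssignments' \
    'nsimAssignments: cn=driverset1,o=system' > "$sample"
check_ldif "$sample"
rm -f "$sample"
```

A clean file reports two records and returns 0; any finding is printed with its line number and the function returns 1.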

6.1.2 Assigning the Password Policy Object

You must assign the DirXML-PasswordPolicy object to each driver set in a tree. For more information, see Creating Password Policies in the Password Management 3.3.2 Administration Guide.