If you are running IAS version 1.0.11.1 or later, you can modify the current password
policy for users from the internal LDAP server.
Before you begin
Before updating the password policy attributes, it is advisable to verify the status of the password policy by running ap_ldap_ppolicy.pl listpolicy.
Procedure
- Log in to the appliance as apuser or any equivalent that is a member of the ibmapadmin OS group.
- Use the ap_ldap_ppolicy.pl listpolicy option to list the current
password policy attribute values.
- Use the ap_ldap_ppolicy.pl update option, adding the parameters that you want to update:
  ap_ldap_ppolicy.pl update
    --pwdMaxAge <PWD_MAX_AGE>
    --pwdExpireWarning <PWD_EXPIRE_WARNING>
    --pwdInHistory <PWD_IN_HISTORY>
    --pwdMaxFailure <PWD_MAX_FAILURE>
    --pwdLockout <PWD_LOCK_OUT>
    --pwdLockoutDuration <PWD_LOCK_OUT_DURATION>
    --pwdFailureCountInterval <PWD_FAILURE_COUNT_INTERVAL>
    --pwdMustChange <PWD_MUST_CHANGE>
    --pwdAllowUserChange <PWD_ALLOW_USER_CHANGE>
    --pwdSafeModify <PWD_SAFE_MODIFY>
    --pwdCheckQuality <PWD_CHECK_QUALITY>
    --pwdUppercase <PWD_UPPERCASE>
    --pwdLowercase <PWD_LOWERCASE>
    --pwdDigits <PWD_DIGITS>
    --pwdSpecialchars <PWD_SPECIAL_CHARS>
    --pwdMinLength <PWD_MIN_LENGTH>
    --pwdMinUppercase <PWD_UPPER>
    --pwdMinLowercase <PWD_LOWER>
    --pwdMinDigits <PWD_DIGITS>
    --pwdMinSpecialchars <PWD_SPECIALCHARS>
    --pwdMinDiffCharsfromOld <PWD_MINDIFFCHARSFROMOLD>
    --pwdMaxRepeatChar <PWD_MAXREPEATCHAR>
    --pwdMaxclassChars <PWD_MAXCLASSCHARS>
    --pwdMinclasses <PWD_MINCLASSES>
  For a detailed description of all parameters, see Password policy parameters.
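The procedure above as a shell wrapper, added here as an example and not part of the appliance tooling: it rejects option names that are not in the documented list, saves the listpolicy output before and after the update, and prints the difference. The names PPOLICY_CMD, SNAP_DIR and ppolicy_change are assumptions of this example, as is the tool returning a non-zero exit status when an update fails.

```shell
#!/bin/sh
# Added example, not part of the appliance tooling. PPOLICY_CMD, SNAP_DIR and
# ppolicy_change are names assumed for this example.
PPOLICY_CMD="${PPOLICY_CMD:-ap_ldap_ppolicy.pl}"
SNAP_DIR="${SNAP_DIR:-$HOME/ppolicy-snapshots}"

# Option names exactly as listed in the update step of the procedure.
PPOLICY_OPTS="pwdMaxAge pwdExpireWarning pwdInHistory pwdMaxFailure pwdLockout
pwdLockoutDuration pwdFailureCountInterval pwdMustChange pwdAllowUserChange
pwdSafeModify pwdCheckQuality pwdUppercase pwdLowercase pwdDigits
pwdSpecialchars pwdMinLength pwdMinUppercase pwdMinLowercase pwdMinDigits
pwdMinSpecialchars pwdMinDiffCharsfromOld pwdMaxRepeatChar pwdMaxclassChars
pwdMinclasses"

# Usage: ppolicy_change --pwdOption VALUE [--pwdOption VALUE ...]
ppolicy_change() {
    if [ "$#" -eq 0 ] || [ $(( $# % 2 )) -ne 0 ]; then
        echo "expected one or more '--option value' pairs" >&2
        return 2
    fi
    # Reject misspelled option names before the policy is touched.
    n=0
    for arg in "$@"; do
        n=$((n + 1))
        [ $((n % 2)) -eq 1 ] || continue   # even positions are values
        ok=0
        for o in $PPOLICY_OPTS; do
            if [ "--$o" = "$arg" ]; then ok=1; fi
        done
        if [ "$ok" -ne 1 ]; then
            echo "not a documented option: $arg" >&2
            return 2
        fi
    done
    mkdir -p "$SNAP_DIR" || return 1
    stamp=$(date +%Y%m%dT%H%M%S)
    before="$SNAP_DIR/$stamp.before"
    after="$SNAP_DIR/$stamp.after"
    # Record the current attribute values, as the procedure advises.
    "$PPOLICY_CMD" listpolicy > "$before" || return 1
    # Apply only the parameters the caller passed.
    if ! "$PPOLICY_CMD" update "$@"; then
        echo "update failed; pre-change policy saved in $before" >&2
        return 1
    fi
    "$PPOLICY_CMD" listpolicy > "$after" || return 1
    # diff exits 1 when the files differ, which is the expected outcome.
    diff "$before" "$after" || [ "$?" -eq 1 ]
}
```

The saved before and after files give a change record for the policy, and the before file shows the values to restore if the new settings need to be reverted.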
Results
After the password policy is updated, it applies to all existing users and new users.