#ident $Id: ns-pwd-policy.schema,v 1.2 2004/03/01 23:47:57 lukeh Exp $ # # Netscape password policy schema # draft-vchu-ldap-pwd-policy-00.txt # attributetype ( 2.16.840.1.113730.3.1.97 NAME 'passwordMaxAge' DESC 'the number of seconds after which user passwords will expire' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributetype ( 2.16.840.1.113730.3.1.98 NAME 'passwordExp' DESC 'a flag which indicates whether passwords will expire after a given number of seconds' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) attributetype ( 2.16.840.1.113730.3.1.99 NAME 'passwordMinLength' DESC 'the minimum number of characters that must be used in a password' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributetype ( 2.16.840.1.113730.3.1.100 NAME 'passwordKeepHistory' DESC 'a flag which indicates whether passwords can be reused' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) attributetype ( 2.16.840.1.113730.3.1.101 NAME 'passwordInHistory' DESC 'the number of passwords the directory server stores in history' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributetype ( 2.16.840.1.113730.3.1.102 NAME 'passwordChange' DESC 'a flag which indicates whether users can change their passwords' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) attributetype ( 2.16.840.1.113730.3.1.103 NAME 'passwordCheckSyntax' DESC 'a flag which indicates whether the password syntax will be checked before the password is saved' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) attributetype ( 2.16.840.1.113730.3.1.104 NAME 'passwordWarning' DESC 'the number of seconds before a users password is due to expire that the user will be sent a warning message' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributetype ( 2.16.840.1.113730.3.1.105 NAME 'passwordLockout' DESC 'a flag which indicates whether users will be locked out of the directory after a given number of consecutive failed bind attempts' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) attributetype ( 2.16.840.1.113730.3.1.106 NAME 'passwordMaxFailure' DESC 'the number of consecutive failed bind attempts after which a user will be locked out of the directory' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributetype ( 2.16.840.1.113730.3.1.108 NAME 'passwordUnlock' DESC 'a flag which indicates whether a user will be locked out of the directory for a given number of seconds or until the administrator resets the password after an account lockout' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) attributetype ( 2.16.840.1.113730.3.1.109 NAME 'passwordLockoutDuration' DESC 'the number of seconds that users will be locked out of the directory after an account lockout' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributetype ( 2.16.840.1.113730.3.1.220 NAME 'passwordMustChange' DESC 'a flag which indicates whether users must change their passwords when they first bind to the directory server' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) attributetype ( 2.16.840.1.113730.3.1.221 NAME 'passwordStorageScheme' DESC 'the type of hash algorithm used to store directory server passwords' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributetype ( 2.16.840.1.113730.3.1.222 NAME 'passwordMinAge' DESC 'the number of seconds that must elapse before a user can change their password again' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributetype ( 2.16.840.1.113730.3.1.223 NAME 'passwordResetFailureCount' DESC 'the number of seconds after which the password failure counter will be reset' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) objectclass ( 2.16.840.1.113730.3.2.13 NAME 'passwordPolicy' AUXILIARY SUP top DESC 'Password Policy object class to hold password policy information' MAY ( passwordMaxAge $ passwordExp $ passwordMinLength $ passwordKeepHistory $ passwordInHistory $ passwordChange $ passwordCheckSyntax $ passwordWarning $ passwordLockout $ passwordMaxFailure $ passwordUnlock $ passwordLockoutDuration $ passwordMustChange $ passwordStorageScheme $ passwordMinAge $ passwordResetFailureCount ) ) attributetype ( 2.16.840.1.113730.3.1.91 NAME 'passwordExpirationTime' DESC 'the time the entrys password expires' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SINGLE-VALUE USAGE dSAOperation ) attributetype ( 2.16.840.1.113730.3.1.92 NAME 'passwordExpWarned' DESC 'a flag which indicates whether a password expiration warning is sent to the client' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE USAGE dSAOperation ) attributetype ( 2.16.840.1.113730.3.1.93 NAME 'passwordRetryCount' DESC 'the count of consecutive failed password attempts' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE dSAOperation ) attributetype ( 2.16.840.1.113730.3.1.94 NAME 'retryCountResetTime' DESC 'the time to reset the passwordRetryCount' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SINGLE-VALUE USAGE dSAOperation ) attributetype ( 2.16.840.1.113730.3.1.95 NAME 'accountUnlockTime' DESC 'the time that the user can bind again after an account lockout' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SINGLE-VALUE USAGE dSAOperation ) attributetype ( 2.16.840.1.113730.3.1.96 NAME 'passwordHistory' DESC 'the history of users passwords' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 EQUALITY octetStringMatch USAGE dSAOperation ) attributetype ( 2.16.840.1.113730.3.1.214 NAME 'passwordAllowChangeTime' DESC 'the time that the user is allowed change the password' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SINGLE-VALUE USAGE dSAOperation ) objectclass ( 2.16.840.1.113730.3.2.12 NAME 'passwordObject' AUXILIARY SUP top DESC 'Password object class to hold password policy information for each entry' MAY ( passwordExpirationTime $ passwordExpWarned $ passwordRetryCount $ retryCountResetTime $ accountUnlockTime $ passwordHistory $ passwordAllowChangeTime ) )