I can see we can apply different password policies, but that doesn't cover the account lockout policies. Example: if we want to have the accountlockoutduration set to 60 minutes for a specific OU instead of the standard duration applied on a global policy, can it be done?
With many countries applying different compliance rules for securing personal data of their citizens, we see an increasing demand to have a separate account lockout policy for special types of accounts or to be applied on a country-specific OU.
Hi,
Today we have a global account lockout policy in 389 which is applied to a specific instance.
Yes it does.
Here is an example adding account lockout settings to an existing subtree password policy for "ou=FR,dc=example,dc=com":
# ldapmodify -D "cn=directory manager" -W
dn: cn="cn=nsPwPolicyEntry,ou=FR,dc=example,dc=com",cn=nsPwPolicyContainer,ou=FR,dc=example,dc=com
changetype: modify
replace: passwordLockout
passwordLockout: on
-
replace: passwordLockoutDuration
passwordLockoutDuration: 3600
-
replace: passwordResetFailureCount
passwordResetFailureCount: 1800
-
replace: passwordUnlock
passwordUnlock: on
-
replace: passwordMaxFailure
passwordMaxFailure: 4
HTH,
Mark
Any help would be appreciated.
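
Added example (not part of the original thread and not 389 project code): a Python check that parses ldapsearch-style LDIF, including folded dn lines, and flags subtree policy entries whose lockout attributes differ from the values set in the reply above. The DE entry, the SAMPLE_LDIF text and the REQUIRED baseline are constructed for illustration; base64 ("attr::") values are not handled.

```python
# Added example: audit subtree lockout policy entries exported as LDIF.
# SAMPLE_LDIF is constructed; REQUIRED mirrors the values in the reply above.
REQUIRED = {"passwordlockout": "on", "passwordlockoutduration": "3600",
            "passwordresetfailurecount": "1800", "passwordunlock": "on",
            "passwordmaxfailure": "4"}

SAMPLE_LDIF = """\
dn: cn="cn=nsPwPolicyEntry,ou=FR,dc=example,dc=com",cn=nsPwPolicyContainer,
 ou=FR,dc=example,dc=com
passwordLockout: on
passwordLockoutDuration: 3600
passwordResetFailureCount: 1800
passwordUnlock: on
passwordMaxFailure: 4

dn: cn="cn=nsPwPolicyEntry,ou=DE,dc=example,dc=com",cn=nsPwPolicyContainer,
 ou=DE,dc=example,dc=com
passwordLockout: on
passwordLockoutDuration: 600
passwordMaxFailure: 4
"""

def parse_ldif(text):
    """Return {dn: {attr_lowercase: value}}, unfolding continuation lines."""
    entries = {}
    unfolded = text.replace("\n ", "")  # LDIF folding: newline + one space
    for block in unfolded.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue  # skip comments and malformed lines
            name, _, value = line.partition(":")
            attrs[name.strip().lower()] = value.strip()
        if "dn" in attrs:
            entries[attrs.pop("dn")] = attrs
    return entries

def audit(text, required=REQUIRED):
    """Return {dn: [findings]} for entries that deviate from `required`."""
    report = {}
    for dn, attrs in parse_ldif(text).items():
        findings = [f"{n}: expected {want}, found {attrs.get(n, 'unset')}"
                    for n, want in required.items()
                    if attrs.get(n, "").lower() != want]
        if findings:
            report[dn] = findings
    return report
```

Calling audit() on the output of an ldapsearch for the policy entries returns an empty dict when every entry matches the baseline.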