I logged in to Oracle Directory Services Manager, which by default resides at http://server:7005/odsm. The first screen is informational and shows you some relevant version numbers and some statistics.
To change password policy options, click on the Security tab and then on Password Policy.
Next you need to determine the correct policy to modify. The easiest way is probably to look at the Distinguished Name, which has the proper domain component values (i.e. dc=yourserver, dc=com).
There are a number of options you can set for your password policy, and the values you choose will depend on your corporate standards. To get help for any particular option, click on it and a context-sensitive dialog box will appear with more information.
Once you have made all your changes, click on the Apply button. This is where I ran into trouble and was presented with the following error:
I searched Google and Metalink but didn’t find any solutions, so I decided to try the command-line method.
Log in to the server which hosts your Identity Management Domain and initialize your environment. With the environment properly set, ldapsearch and ldapmodify should be in your path.
To view the password policy, use the ldapsearch utility:
ldapsearch -D "cn=orcladmin" -w <orcladmin_pass> -h <OID_Host> -p 3060 -b "cn=default,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,dc=mydomain,dc=com" -s sub "(objectclass=*)" "*"

cn=default,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,dc=mydomain,dc=com
orclpwdminalphachars=0
pwdfailurecountinterval=300
orclpwdmaxrptchars=0
pwdlockoutduration=86400
objectclass=top
objectclass=pwdpolicy
pwdmaxfailure=5
orclpwdminuppercase=0
orclpwdencryptionenable=0
pwdminlength=8
orclpwdalphanumeric=1
cn=default
pwdlockout=1
pwdchecksyntax=1
orclpwdpolicyenable=1
pwdgraceloginlimit=5
pwdexpirewarning=604800
pwdmaxage=10368000
orclpwdminspecialchars=0
orclpwdminlowercase=0
To modify the password policy, use ldapmodify and pass it a file containing the options you’d like to change:
ldapmodify -p 3060 -D cn=orcladmin -w password < PolicyMod.txt
In the PolicyMod.txt document below I am modifying the minimum length of a password and the number of failures before an account is locked:
dn: cn=default,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,dc=myserver,dc=com
changetype: modify
replace: pwdminlength
pwdminlength: 8

dn: cn=default,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,dc=myserver,dc=com
changetype: modify
replace: pwdmaxfailure
pwdmaxfailure: 5
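To confirm that a change applied with ldapmodify actually took effect, the ldapsearch output can be piped through a small baseline check. This is an added example, not part of the original post; the check_policy function, the BASELINE thresholds and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit OID password policy output against a baseline.
# Baseline values are illustrative assumptions; set them to your own standard.
# Rule format: attribute:operator:value (operators: ge, le, eq).
BASELINE="pwdminlength:ge:8 pwdmaxfailure:le:5 pwdlockout:eq:1 orclpwdpolicyenable:eq:1 pwdchecksyntax:eq:1"

# check_policy reads attr=value lines (the ldapsearch output format shown on
# this page) on stdin, prints one line per finding, and returns 0 only when
# every baseline rule is satisfied.
check_policy() {
    awk -v rules="$BASELINE" '
    BEGIN {
        n = split(rules, r, " ")
        for (i = 1; i <= n; i++) {
            split(r[i], f, ":")
            attr[i] = f[1]; op[i] = f[2]; want[i] = f[3] + 0
        }
    }
    # Keep only numeric attributes; this also skips the DN and objectclass lines.
    /^[A-Za-z]+=[0-9]+$/ {
        p = index($0, "=")
        have[tolower(substr($0, 1, p - 1))] = substr($0, p + 1) + 0
    }
    END {
        bad = 0
        for (i = 1; i <= n; i++) {
            a = attr[i]
            if (!(a in have)) { print "MISSING " a; bad = 1; continue }
            v = have[a]
            ok = (op[i] == "ge" && v >= want[i]) || (op[i] == "le" && v <= want[i]) || (op[i] == "eq" && v == want[i])
            if (!ok) { print "FAIL " a "=" v " (want " op[i] " " want[i] ")"; bad = 1 }
        }
        exit bad
    }'
}

# Constructed sample: a weakened policy (short minimum length, lockout off,
# pwdchecksyntax absent) to show what drift looks like.
SAMPLE_WEAK='cn=default,cn=pwdPolicies,cn=Common,cn=Products,cn=OracleContext,dc=mydomain,dc=com
pwdminlength=5
pwdmaxfailure=10
pwdlockout=0
orclpwdpolicyenable=1
objectclass=pwdpolicy'

printf '%s\n' "$SAMPLE_WEAK" | check_policy || echo "policy drift detected"
```

Against a live directory, pipe the ldapsearch command shown earlier into check_policy in place of the constructed sample.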
So now you are familiar with two methods for changing password policy settings.