<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<section id="gettingstarted_configuration_editor_pp">
<title>Password Policies Page</title>
<para>
The
<emphasis role="strong">Password Policies Page</emphasis>
of the configuration editor allows you to edit the server's
password policies.
See also IETF draft-behera-ldap-password-policy-10 for a
detailed description of the password policy configuration.
</para>
<para>
Here's what the
<emphasis role="strong">Password Policies page</emphasis>
looks like:
<screenshot>
<mediaobject>
<imageobject>
<imagedata scale="33"
fileref="images/gettingstarted/editor_2.0.0_passwordpolicies.png"
format="PNG" />
</imageobject>
</mediaobject>
</screenshot>
</para>
<para>The page is divided vertically in two parts.</para>
<para>
The left side of the page shows the password policies defined on the
server. This is where you can add or delete a policy.
</para>
<para>
The right side of the page displays the details of the password
policy selected on the left side and lets you edit them.
</para>
<simplesect id="configuration_editor_2.0.0_pp_details">
<title>Password Policy Details</title>
<para>
Check the
<emphasis role="strong">Enabled</emphasis>
checkbox to enable the password policy.
</para>
<para>
An
<emphasis role="strong">ID</emphasis>
is mandatory for the password policy.
</para>
<para>
An
<emphasis role="strong">Description</emphasis>
is optional for the password policy.
</para>
</simplesect>
<simplesect id="configuration_editor_2.0.0_pp_quality">
<title>Quality</title>
<para>
<emphasis role="strong">Check Quality</emphasis>
defines which quality level a new password must fulfil.
One of the following options can be chosen:
<itemizedlist spacing="normal" mark="bullet">
<listitem>Disabled - Don't check the password</listitem>
<listitem>Relaxed - Check the password and accept passwords that can't be checked (hashed passwords)</listitem>
<listitem>Strict - Check the password but reject passwords that can't be checked (hashed passwords)</listitem>
</itemizedlist>
</para>
<para>
<emphasis role="strong">Validator</emphasis>
defines the class that implements the PasswordValidator interface (default
org.apache.directory.server.core.api.authn.ppolicy.DefaultPasswordValidator).
</para>
<para>
Check
<emphasis role="strong">Enable Minimum Length</emphasis>
to enable and specify the minimum password length.
</para>
<para>
Check
<emphasis role="strong">Enable Maximum Length</emphasis>
to enable and specify the maximum password length.
</para>
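<para>
The following sketch models how the three Check Quality levels treat a plain
and an already-hashed new password when length limits are enabled. It is an
added example, not ApacheDS or DefaultPasswordValidator code. Assumptions:
hashed values are recognised by a "{SCHEME}" prefix, length limits apply only
when quality checking is enabled, and all names are hypothetical.
</para>
<programlisting language="python"><![CDATA[
```python
import re
from enum import Enum


class CheckQuality(Enum):
    DISABLED = "Disabled"   # don't check the password
    RELAXED = "Relaxed"     # check; accept values that can't be checked
    STRICT = "Strict"       # check; reject values that can't be checked


# Assumption: an already-hashed value is recognised by its "{SCHEME}" prefix.
HASHED = re.compile(r"^\{[A-Za-z0-9_.-]+\}.+")


def check_new_password(value, quality, min_length=None, max_length=None):
    """Return (accepted, reason) for a new password under the given policy.

    min_length / max_length are None when the corresponding
    "Enable ... Length" checkbox is left unchecked.
    """
    if quality is CheckQuality.DISABLED:
        return True, "not checked"
    if HASHED.match(value):
        # Only the digest is visible, so length cannot be verified.
        if quality is CheckQuality.RELAXED:
            return True, "hashed, cannot be checked, accepted"
        return False, "hashed, cannot be checked, rejected"
    if min_length is not None and len(value) < min_length:
        return False, "shorter than minimum length"
    if max_length is not None and len(value) > max_length:
        return False, "longer than maximum length"
    return True, "length checks passed"


# Constructed sample values; the {SSHA} string is a placeholder, not a real hash.
SAMPLES = ["short", "a-long-enough-passphrase", "{SSHA}cGxhY2Vob2xkZXI="]


def evaluate(quality, min_length=12, max_length=64):
    """Map each sample to its (accepted, reason) result."""
    return {s: check_new_password(s, quality, min_length, max_length)
            for s in SAMPLES}


if __name__ == "__main__":
    for q in CheckQuality:
        for sample, (ok, why) in evaluate(q).items():
            print(f"{q.value:8} {sample!r:28} {'ACCEPT' if ok else 'REJECT'}: {why}")
```
]]></programlisting>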
</simplesect>
<simplesect id="configuration_editor_2.0.0_pp_expiration">
<title>Expiration</title>
<para>
<emphasis role="strong">Minimum Age</emphasis>
defines the number of seconds that must elapse between modifications to the password.
</para>
<para>
<emphasis role="strong">Maximum Age</emphasis>
defines the number of seconds after which a modified password will expire.
The default value is 0, which means the password does not expire. If not 0,
the value must be greater than or equal to the value of the minimum age.
</para>
<para>
Check
<emphasis role="strong">Enable Expire Warning</emphasis>
to enable and specify the number of seconds before password expiration that a
warning message will be returned to an authenticating user.
</para>
<para>
Check
<emphasis role="strong">Enable Grace Authentication Limit</emphasis>
to enable and specify how often an expired password can be used to authenticate.
</para>
<para>
Check
<emphasis role="strong">Enable Grace Expire</emphasis>
to enable and specify the number of seconds for the grace period.
</para>
</simplesect>
<simplesect id="configuration_editor_2.0.0_pp_options">
<title>Options</title>
<para>
Check
<emphasis role="strong">Enable Must Change</emphasis>
to enforce that the password must be changed by the user after a password reset.
</para>
<para>
Check
<emphasis role="strong">Enable Allow User Change</emphasis>
to allow users to change their own password.
</para>
<para>
Check
<emphasis role="strong">Enable Safe Modify</emphasis>
to enforce that the existing password must be sent when changing the password.
</para>
</simplesect>
<simplesect id="configuration_editor_2.0.0_pp_lockout">
<title>Lockout</title>
<para>
Check
<emphasis role="strong">Enable Lockout</emphasis>
to enable password lockout.
</para>
<para>
<emphasis role="strong">Lockout Duration</emphasis>
defines the number of seconds that the password cannot be used
to authenticate due to too many failed bind attempts.
</para>
<para>
<emphasis role="strong">Maximum Consecutive Failures</emphasis>
defines the number of consecutive failed bind attempts after
which the password may not be used to authenticate.
</para>
<para>
Check
<emphasis role="strong">Enable Maximum Idle</emphasis>
to enable and specify the number of seconds an account may
remain unused before it becomes locked.
</para>
<para>
Check
<emphasis role="strong">Enable In History</emphasis>
to enable and specify the maximum number of used passwords
preserved in the password history.
</para>
<para>
<emphasis role="strong">Minimum Delay</emphasis>
defines the number of seconds to delay responding to the
first failed authentication attempt. The default value is 0, meaning no delay.
</para>
<para>
<emphasis role="strong">Maximum Delay</emphasis>
defines the maximum number of seconds to delay responding to the
first failed authentication attempt.
</para>
</simplesect>
</section>