1 #ident $Id: ns-pwd-policy.schema,v 1.2 2004/03/01 23:47:57 lukeh Exp $
3 # Netscape password policy schema
4 # draft-vchu-ldap-pwd-policy-00.txt
# Policy attribute: password lifetime in seconds (see DESC).
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 is the LDAP INTEGER syntax.
# NOTE(review): original lines 8 and 10 are absent from this listing, so the
# NAME and any matching rule are not visible. By its position in the
# passwordPolicy MAY list this is presumably passwordMaxAge - confirm against
# the original schema file.
7 attributetype ( 2.16.840.1.113730.3.1.97
9 DESC 'the number of seconds after which user passwords will expire'
11 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
# Policy attribute: switch that turns password expiry on or off (see DESC).
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 is the LDAP Boolean syntax.
# NOTE(review): original lines 14 and 17 are absent from this listing, so the
# NAME is not visible. By its position in the passwordPolicy MAY list this is
# presumably passwordExp - confirm against the original schema file.
13 attributetype ( 2.16.840.1.113730.3.1.98
15 DESC 'a flag which indicates whether passwords will expire after a
16 given number of seconds'
18 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
# Policy attribute: minimum password length, in characters (INTEGER syntax).
# The schema only types the value; it sets no lower bound, so a weak minimum
# is accepted as-is. Content checks are governed separately by
# passwordCheckSyntax.
20 attributetype ( 2.16.840.1.113730.3.1.99
21 NAME 'passwordMinLength'
22 DESC 'the minimum number of characters that must be used in a password'
24 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
# Policy attribute: Boolean switch for password-reuse control.
# NOTE(review): the DESC ("whether passwords can be reused") does not say
# which value enables history; the attribute name suggests TRUE keeps a
# history and therefore blocks reuse - confirm against the server
# documentation before relying on it. The history depth is passwordInHistory.
26 attributetype ( 2.16.840.1.113730.3.1.100
27 NAME 'passwordKeepHistory'
28 DESC 'a flag which indicates whether passwords can be reused'
30 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
# Policy attribute: how many previous passwords the server retains
# (INTEGER syntax). The retained values themselves live in the operational
# attribute passwordHistory.
32 attributetype ( 2.16.840.1.113730.3.1.101
33 NAME 'passwordInHistory'
34 DESC 'the number of passwords the directory server stores in history'
36 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
# Policy attribute: Boolean switch for user self-service password change.
# NOTE(review): original lines 39 and 41 are absent from this listing, so the
# NAME is not visible. By its position in the passwordPolicy MAY list this is
# presumably passwordChange - confirm against the original schema file.
38 attributetype ( 2.16.840.1.113730.3.1.102
40 DESC 'a flag which indicates whether users can change their passwords'
42 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
# Policy attribute: Boolean switch for checking a new password before it is
# stored. The schema does not define what the check covers; that is left to
# the directory server, so review the server's rules rather than assuming
# this flag alone enforces complexity.
44 attributetype ( 2.16.840.1.113730.3.1.103
45 NAME 'passwordCheckSyntax'
46 DESC 'a flag which indicates whether the password syntax will be checked
47 before the password is saved'
49 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
# Policy attribute: lead time, in seconds before expiry, at which the user is
# warned (INTEGER syntax). Only meaningful when password expiry is enabled.
51 attributetype ( 2.16.840.1.113730.3.1.104
52 NAME 'passwordWarning'
53 DESC 'the number of seconds before a users password is due to expire that
54 the user will be sent a warning message'
56 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
# Policy attribute: Boolean switch for account lockout after repeated failed
# binds. The threshold is passwordMaxFailure and the lockout length is
# passwordLockoutDuration; with this flag off those values have no effect
# (presumably - confirm server behaviour).
58 attributetype ( 2.16.840.1.113730.3.1.105
59 NAME 'passwordLockout'
60 DESC 'a flag which indicates whether users will be locked out of the
61 directory after a given number of consecutive failed bind attempts'
63 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
# Policy attribute: number of consecutive failed binds that triggers lockout
# (INTEGER syntax). The schema sets no range, so the value chosen decides the
# balance between guessing resistance and locking out legitimate users.
65 attributetype ( 2.16.840.1.113730.3.1.106
66 NAME 'passwordMaxFailure'
67 DESC 'the number of consecutive failed bind attempts after which a user
68 will be locked out of the directory'
70 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
# Policy attribute: Boolean choosing between a timed lockout and a lockout
# that lasts until an administrator resets the password (see DESC).
# NOTE(review): original lines 73 and 77 are absent from this listing, so the
# NAME is not visible. By its position in the passwordPolicy MAY list this is
# presumably passwordUnlock - confirm against the original schema file. The
# DESC does not state which Boolean value selects which behaviour.
72 attributetype ( 2.16.840.1.113730.3.1.108
74 DESC 'a flag which indicates whether a user will be locked out of the
75 directory for a given number of seconds or until the administrator
76 resets the password after an account lockout'
78 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
# Policy attribute: length of a lockout in seconds (INTEGER syntax).
# Per-entry state for an active lockout is held in the operational attribute
# accountUnlockTime.
80 attributetype ( 2.16.840.1.113730.3.1.109
81 NAME 'passwordLockoutDuration'
82 DESC 'the number of seconds that users will be locked out of the directory
83 after an account lockout'
85 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
# Policy attribute: Boolean switch forcing a password change on first bind.
# Useful for administrator-assigned initial passwords, which are otherwise
# known to more than one party.
87 attributetype ( 2.16.840.1.113730.3.1.220
88 NAME 'passwordMustChange'
89 DESC 'a flag which indicates whether users must change their passwords when
90 they first bind to the directory server'
92 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
# Policy attribute: name of the hashing scheme used for stored passwords.
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 is Directory String, compared
# case-insensitively (caseIgnoreMatch). The schema accepts any string; which
# scheme names are valid, and whether a weak or cleartext scheme can be
# selected, is decided by the server, so audit the configured value.
94 attributetype ( 2.16.840.1.113730.3.1.221
95 NAME 'passwordStorageScheme'
96 DESC 'the type of hash algorithm used to store directory server passwords'
97 EQUALITY caseIgnoreMatch
98 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# Policy attribute: minimum time in seconds between password changes
# (INTEGER syntax, integerMatch equality). A minimum age keeps a user from
# cycling quickly through the history to return to an old password.
# NOTE(review): original line 103 is absent from this listing, so the DESC
# string below has no closing quote; restore it from the original schema.
100 attributetype ( 2.16.840.1.113730.3.1.222
101 NAME 'passwordMinAge'
102 DESC 'the number of seconds that must elapse before a user can change their
104 EQUALITY integerMatch
105 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
# Policy attribute: interval in seconds tied to the password failure counter
# (INTEGER syntax, integerMatch equality). The per-entry counter itself is
# the operational attribute passwordRetryCount.
# NOTE(review): original line 110 is absent from this listing, so the DESC
# string below has no closing quote and its ending is not visible; restore it
# from the original schema.
107 attributetype ( 2.16.840.1.113730.3.1.223
108 NAME 'passwordResetFailureCount'
109 DESC 'the number of seconds after which the password failure counter will
111 EQUALITY integerMatch
112 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
# Object class grouping the sixteen policy attributes defined above.
# Every attribute is in the MAY list, so none is mandatory: an entry can
# carry this class with no policy values set, and the behaviour then depends
# on server defaults (not defined in this file).
# NOTE(review): original lines 116-117 are absent from this listing, so the
# superior class and the class kind are not visible, and the parenthesis that
# closes the objectclass definition is also missing after the MAY list.
114 objectclass ( 2.16.840.1.113730.3.2.13
115 NAME 'passwordPolicy'
118 DESC 'Password Policy object class to hold password policy information'
119 MAY ( passwordMaxAge $ passwordExp $ passwordMinLength $
120 passwordKeepHistory $ passwordInHistory $ passwordChange $
121 passwordCheckSyntax $ passwordWarning $ passwordLockout $
122 passwordMaxFailure $ passwordUnlock $ passwordLockoutDuration $
123 passwordMustChange $ passwordStorageScheme $ passwordMinAge $
124 passwordResetFailureCount )
# Per-entry state: when this entry's password expires.
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 is Generalized Time; ORDERING allows
# range filters over the value. SINGLE-VALUE, and USAGE dSAOperation makes it
# an operational attribute.
# The definition does not carry NO-USER-MODIFICATION, so write protection
# depends on server access control - verify clients cannot extend their own
# expiry.
127 attributetype ( 2.16.840.1.113730.3.1.91
128 NAME 'passwordExpirationTime'
129 DESC 'the time the entrys password expires'
130 SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
131 EQUALITY generalizedTimeMatch
132 ORDERING generalizedTimeOrderingMatch
133 SINGLE-VALUE USAGE dSAOperation )
# Per-entry state: Boolean recording an expiration-warning event for this
# entry. SINGLE-VALUE operational attribute (USAGE dSAOperation).
# NOTE(review): original line 138 is absent from this listing, so the DESC
# string below has no closing quote and its ending is not visible; restore it
# from the original schema.
135 attributetype ( 2.16.840.1.113730.3.1.92
136 NAME 'passwordExpWarned'
137 DESC 'a flag which indicates whether a password expiration warning is sent
139 EQUALITY booleanMatch
140 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
141 SINGLE-VALUE USAGE dSAOperation )
# Per-entry state: running count of consecutive failed password attempts
# (INTEGER syntax). SINGLE-VALUE operational attribute (USAGE dSAOperation).
# This counter drives lockout, and the definition does not carry
# NO-USER-MODIFICATION, so its integrity rests on server access control:
# confirm that only the server (or administrators) can write it.
143 attributetype ( 2.16.840.1.113730.3.1.93
144 NAME 'passwordRetryCount'
145 DESC 'the count of consecutive failed password attempts'
146 EQUALITY integerMatch
147 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
148 SINGLE-VALUE USAGE dSAOperation )
# Per-entry state: the time at which passwordRetryCount is to be reset
# (Generalized Time syntax, with an ORDERING rule for range comparison).
# SINGLE-VALUE operational attribute (USAGE dSAOperation). As with the
# counter itself, write access should be limited by server access control,
# since the definition has no NO-USER-MODIFICATION.
150 attributetype ( 2.16.840.1.113730.3.1.94
151 NAME 'retryCountResetTime'
152 DESC 'the time to reset the passwordRetryCount'
153 SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
154 EQUALITY generalizedTimeMatch
155 ORDERING generalizedTimeOrderingMatch
156 SINGLE-VALUE USAGE dSAOperation )
# Per-entry state: earliest time the user may bind again after a lockout
# (Generalized Time syntax, with an ORDERING rule for range comparison).
# SINGLE-VALUE operational attribute (USAGE dSAOperation).
# The definition does not carry NO-USER-MODIFICATION; confirm through server
# access control that a locked-out identity cannot change this value. It is
# also a useful field to monitor when investigating lockout events.
158 attributetype ( 2.16.840.1.113730.3.1.95
159 NAME 'accountUnlockTime'
160 DESC 'the time that the user can bind again after an account lockout'
161 SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
162 EQUALITY generalizedTimeMatch
163 ORDERING generalizedTimeOrderingMatch
164 SINGLE-VALUE USAGE dSAOperation )
# Per-entry state: the user's previous passwords.
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 is Octet String. There is no
# SINGLE-VALUE keyword, so the attribute is multi-valued (one value per
# remembered password, presumably). Operational (USAGE dSAOperation).
# NOTE(review): the schema does not say in what form the old passwords are
# stored. Treat the values as credential material and give them the same
# read protection as the current password - confirm the server's ACLs.
166 attributetype ( 2.16.840.1.113730.3.1.96
167 NAME 'passwordHistory'
168 DESC 'the history of users passwords'
169 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
170 EQUALITY octetStringMatch USAGE dSAOperation )
# Per-entry state: the time from which the user may change the password
# (Generalized Time syntax, with an ORDERING rule for range comparison).
# SINGLE-VALUE operational attribute (USAGE dSAOperation); presumably the
# per-entry counterpart of the passwordMinAge policy value - confirm.
# No NO-USER-MODIFICATION is declared, so write protection relies on server
# access control.
172 attributetype ( 2.16.840.1.113730.3.1.214
173 NAME 'passwordAllowChangeTime'
174 DESC 'the time that the user is allowed change the password'
175 SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
176 EQUALITY generalizedTimeMatch
177 ORDERING generalizedTimeOrderingMatch
178 SINGLE-VALUE USAGE dSAOperation )
# Object class grouping the seven per-entry operational attributes defined
# above (expiry, warning, retry and lockout state, and password history).
# All are in the MAY list, so none is mandatory.
# NOTE(review): original lines 182, 183 and 185 are absent from this listing,
# so the superior class and class kind are not visible, the DESC string has
# no closing quote, and the parenthesis closing the objectclass definition is
# not shown after the MAY list.
180 objectclass ( 2.16.840.1.113730.3.2.12
181 NAME 'passwordObject'
184 DESC 'Password object class to hold password policy information for each
186 MAY ( passwordExpirationTime $ passwordExpWarned $ passwordRetryCount $
187 retryCountResetTime $ accountUnlockTime $ passwordHistory $
188 passwordAllowChangeTime )