Assigning a password policy to an individual account - PingDirectory - 9.3

PingDirectory 9.3


Rather than having a user automatically inherit the default password policy, you can assign a specific password policy to a user by including the ds-pwp-password-policy-dn operational attribute in that user’s entry, with a value equal to the distinguished name (DN) of the desired password policy. This operational attribute can be explicitly included in a user’s entry or generated by a virtual attribute, which makes it easy to apply a custom password policy to a set of users based on a flexible set of criteria.

  1. Create an LDIF file that adds the ds-pwp-password-policy-dn attribute with the password policy DN you want to assign to that user.

    This example creates the file assign.ldif with the following contents.

        dn: uid=user.1,ou=People,dc=example,dc=com
        changetype: modify
        add: ds-pwp-password-policy-dn
        ds-pwp-password-policy-dn: cn=Demo Password Policy,cn=Password Policies,cn=config

  2. To apply the modification to the user's entry, run ldapmodify.

    For this example, the file used is assign.ldif.

        $ bin/ldapmodify --filename assign.ldif
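
The same procedure generalized to several users, as an added example that is not part of the PingDirectory documentation: the helper names `ldif_safe` and `make_assign_ldif` are hypothetical, and `uid=user.2` is a constructed sample DN. It writes `replace:` instead of `add:` so that re-running the file does not fail when the attribute already holds a value, and it rejects DNs that cannot be written as plain LDIF values (for example, ones with a trailing space).

```bash
#!/usr/bin/env bash
# Added example: build one LDIF that assigns a password policy to many users.
# ldif_safe and make_assign_ldif are hypothetical helpers, not PingDirectory tools.

# Succeeds only if $1 can be written as a plain "attr: value" LDIF line.
# Stricter than RFC 2849 requires: printable ASCII only, no leading
# space, colon or '<', and no trailing space.
ldif_safe() {
  case $1 in
    '' | ' '* | :* | '<'* | *' ') return 1 ;;
  esac
  # Delete every printable ASCII byte; anything left over is unsafe.
  [ "$(printf '%s' "$1" | LC_ALL=C tr -d ' -~' | wc -c)" -eq 0 ]
}

# Usage: make_assign_ldif POLICY_DN USER_DN [USER_DN ...]
# Prints one modify record per user, separated by blank lines.
make_assign_ldif() {
  [ "$#" -ge 2 ] || { echo "usage: make_assign_ldif POLICY_DN USER_DN..." >&2; return 2; }
  policy_dn=$1
  shift
  ldif_safe "$policy_dn" || { echo "unsafe policy DN: [$policy_dn]" >&2; return 2; }

  # Validate everything first so a bad DN never yields a partial file.
  for user_dn in "$@"; do
    ldif_safe "$user_dn" || { echo "unsafe user DN: [$user_dn]" >&2; return 2; }
  done

  first=1
  for user_dn in "$@"; do
    [ "$first" -eq 1 ] || printf '\n'
    first=0
    printf 'dn: %s\n' "$user_dn"
    printf 'changetype: modify\n'
    printf 'replace: ds-pwp-password-policy-dn\n'
    printf 'ds-pwp-password-policy-dn: %s\n' "$policy_dn"
  done
}

# Typical use (connection options omitted, as in the steps above):
#   make_assign_ldif "cn=Demo Password Policy,cn=Password Policies,cn=config" \
#       "uid=user.1,ou=People,dc=example,dc=com" \
#       "uid=user.2,ou=People,dc=example,dc=com" > assign.ldif
#   bin/ldapmodify --filename assign.ldif
# To confirm the result, request the operational attribute by name:
#   bin/ldapsearch --baseDN "uid=user.1,ou=People,dc=example,dc=com" \
#       --searchScope base "(objectClass=*)" ds-pwp-password-policy-dn
```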