To view a specific password policy:
Do one of the following:
- Run the dsconfig tool.
- Use the Administrative Console.
This example uses dsconfig to view the default password policy that applies to all uses for which no specific policy is configured.
$ bin/dsconfig get-password-policy-prop \
--policy-name "Default Password Policy"Property : Value(s)
------------------------------------------:--------------------------
description : -
password-attribute : userpassword
default-password-storage-scheme : Salted SHA-1
deprecated-password-storage-scheme : -
password-validator : -
account-status-notification-handler : -
allow-user-password-changes : true
password-change-requires-current-password : false
force-change-on-add : false
force-change-on-reset : false
password-generator : Random Password Generator
require-secure-authentication : false
require-secure-password-changes : false
min-password-age : 0s
max-password-age : 0s
max-password-reset-age : 0s
password-expiration-warning-interval : 5d
expire-passwords-without-warning : false
allow-expired-password-changes : false
grace-login-count : 0s
lockout-failure-count : 0s
lockout-duration : 0s
lockout-failure-expiration-interval : 0s
require-change-by-time : -
last-login-time-attribute : ds-pwp-last-login-time
last-login-time-format : -
previous-last-login-time-format : -
idle-lockout-interval : 0s
password-history-count : 0s
password-history-duration : 0s