a48fa4b49c58246b297e0fd38e5fb85b985379f1Bob Halleyuser-friendly-name=Password Policy

36983956d7c3d9e294903eeda29548f67ac17daeBob Halleyuser-friendly-plural-name=Password Policies

40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halleysynopsis=Password Policies define a number of password management rules, as well as requirements for authentication processing.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.account-status-notification-handler.synopsis=Specifies the names of the account status notification handlers that are used with the associated password storage scheme.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.account-status-notification-handler.syntax.aggregation.constraint-synopsis=The referenced account status notification handlers must be enabled.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.allow-expired-password-changes.synopsis=Indicates whether a user whose password is expired is still allowed to change that password using the password modify extended operation.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.allow-multiple-password-values.synopsis=Indicates whether user entries can have multiple distinct values for the password attribute.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.allow-multiple-password-values.description=\uc774\ub7f0 \uacbd\uc6b0 \ube44\ubc00\ubc88\ud638\ub97c \ubcc0\uacbd\ud558\ub294 \ub370 \uc0ac\uc6a9\ub418\ub294 \ub9ce\uc740 \uba54\ucee4\ub2c8\uc998\uc774 \uadf8\ub7ec\ud55c \uad6c\uc131\uc5d0\uc11c \uc81c\ub300\ub85c \uc791\ub3d9\ud558\uc9c0 \uc54a\uae30 \ub54c\ubb38\uc5d0 \uc704\ud5d8\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. If multiple password values are allowed, then any of them can be used to authenticate, and they are all subject to the same policy constraints.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.allow-pre-encoded-passwords.synopsis=Indicates whether users can change their passwords by providing a pre-encoded value.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.allow-pre-encoded-passwords.description=\uc774\ub7f0 \uacbd\uc6b0 \uc77c\ubc18 \ud14d\uc2a4\ud2b8 \ubc84\uc804\uc758 \ube44\ubc00\ubc88\ud638\uac00 \uc54c\ub824\uc9c0\uc9c0 \uc54a\uc73c\ubbc0\ub85c \uac80\uc99d \uac80\uc0ac\uac00 \uc801\uc6a9\ub420 \uc218 \uc5c6\uae30 \ub54c\ubb38\uc5d0 \ubcf4\uc548 \uc704\ud5d8\uc774 \ubc1c\uc0dd\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.allow-user-password-changes.synopsis=Indicates whether users can change their own passwords.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.allow-user-password-changes.description=This check is made in addition to access control evaluation. Both must allow the password change for it to occur.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.default-password-storage-scheme.synopsis=Specifies the names of the password storage schemes that are used to encode clear-text passwords for this password policy.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.default-password-storage-scheme.syntax.aggregation.constraint-synopsis=The referenced password storage schemes must be enabled.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.deprecated-password-storage-scheme.synopsis=Specifies the names of the password storage schemes that are considered deprecated for this password policy.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.deprecated-password-storage-scheme.description=If a user with this password policy authenticates to the server and his/her password is encoded with a deprecated scheme, those values are removed and replaced with values encoded using the default password storage scheme(s).

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.deprecated-password-storage-scheme.syntax.aggregation.constraint-synopsis=The referenced password storage schemes must be enabled.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.expire-passwords-without-warning.synopsis=Indicates whether the Directory Server allows a user's password to expire even if that user has never seen an expiration warning notification.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.expire-passwords-without-warning.description=If this property is true, accounts always expire when the expiration time arrives. If this property is false disabled, the user always receives at least one warning notification, and the password expiration is set to the warning time plus the warning interval.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.force-change-on-add.synopsis=Indicates whether users are forced to change their passwords upon first authenticating to the Directory Server after their account has been created.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.force-change-on-reset.synopsis=Indicates whether users are forced to change their passwords if they are reset by an administrator.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.force-change-on-reset.description=For this purpose, anyone with permission to change a given user's password other than that user is considered an administrator.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.grace-login-count.synopsis=Specifies the number of grace logins that a user is allowed after the account has expired to allow that user to choose a new password.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.grace-login-count.description=A value of 0 indicates that no grace logins are allowed.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.idle-lockout-interval.synopsis=Specifies the maximum length of time that an account may remain idle (that is, the associated user does not authenticate to the server) before that user is locked out.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.idle-lockout-interval.description=The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds indicates that idle accounts are not automatically locked out. This feature is available only if the last login time is maintained.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.last-login-time-attribute.synopsis=Specifies the name or OID of the attribute type that is used to hold the last login time for users with the associated password policy.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.last-login-time-attribute.description=This attribute type must be defined in the Directory Server schema and must either be defined as an operational attribute or must be allowed by the set of objectClasses for all users with the associated password policy.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.last-login-time-format.synopsis=Specifies the format string that is used to generate the last login time value for users with the associated password policy.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.last-login-time-format.description=This format string conforms to the syntax described in the API documentation for the java.text.SimpleDateFormat class.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.last-login-time-format.syntax.string.pattern.synopsis=Any valid format string that can be used with the java.text.SimpleDateFormat class.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.lockout-duration.synopsis=Specifies the length of time that an account is locked after too many authentication failures.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.lockout-duration.description=The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds indicates that the account must remain locked until an administrator resets the password.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.lockout-failure-count.synopsis=Specifies the maximum number of authentication failures that a user is allowed before the account is locked out.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.lockout-failure-count.description=A value of 0 indicates that accounts are never locked out due to failed attempts.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.lockout-failure-expiration-interval.synopsis=Specifies the length of time before an authentication failure is no longer counted against a user for the purposes of account lockout.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.lockout-failure-expiration-interval.description=The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds indicates that the authentication failures must never expire. The failure count is always cleared upon a successful authentication.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.max-password-age.synopsis=Specifies the maximum length of time that a user can continue using the same password before it must be changed (that is, the password expiration interval).

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.max-password-age.description=The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds disables password expiration.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.max-password-reset-age.synopsis=Specifies the maximum length of time that users have to change passwords after they have been reset by an administrator before they become locked.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.max-password-reset-age.description=The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds disables this feature.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.min-password-age.synopsis=Specifies the minimum length of time after a password change before the user is allowed to change the password again.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.min-password-age.description=The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. This setting can be used to prevent users from changing their passwords repeatedly over a short period of time to flush an old password from the history so that it can be re-used.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.password-attribute.synopsis=Specifies the attribute type used to hold user passwords.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.password-attribute.description=This attribute type must be defined in the server schema, and it must have either the user password or auth password syntax.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.password-change-requires-current-password.synopsis=Indicates whether user password changes must use the password modify extended operation and must include the user's current password before the change is allowed.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.password-expiration-warning-interval.synopsis=Specifies the maximum length of time before a user's password actually expires that the server begins to include warning notifications in bind responses for that user.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.password-expiration-warning-interval.description=The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds disables the warning interval.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.password-generator.synopsis=Specifies the name of the password generator that is used with the associated password policy.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.password-generator.description=This is used in conjunction with the password modify extended operation to generate a new password for a user when none was provided in the request.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.password-generator.syntax.aggregation.constraint-synopsis=The referenced password generator must be enabled.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.password-history-count.synopsis=Specifies the maximum number of former passwords to maintain in the password history.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.password-history-count.description=When choosing a new password, the proposed password is checked to ensure that it does not match the current password, nor any other password in the history list. A value of zero indicates that either no password history is to be maintained (if the password history duration has a value of zero seconds), or that there is no maximum number of passwords to maintain in the history (if the password history duration has a value greater than zero seconds).

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.password-history-duration.synopsis=Specifies the maximum length of time that passwords remain in the password history.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.password-history-duration.description=When choosing a new password, the proposed password is checked to ensure that it does not match the current password, nor any other password in the history list. A value of zero seconds indicates that either no password history is to be maintained (if the password history count has a value of zero), or that there is no maximum duration for passwords in the history (if the password history count has a value greater than zero).

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.password-validator.synopsis=Specifies the names of the password validators that are used with the associated password storage scheme.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.password-validator.description=The password validators are invoked when a user attempts to provide a new password, to determine whether the new password is acceptable.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.password-validator.syntax.aggregation.constraint-synopsis=The referenced password validators must be enabled.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.previous-last-login-time-format.synopsis=Specifies the format string(s) that might have been used with the last login time at any point in the past for users associated with the password policy.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.previous-last-login-time-format.description=These values are used to make it possible to parse previous values, but are not used to set new values. The format strings conform to the syntax described in the API documentation for the java.text.SimpleDateFormat class.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.previous-last-login-time-format.syntax.string.pattern.synopsis=Any valid format string that can be used with the java.text.SimpleDateFormat class.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.require-change-by-time.synopsis=Specifies the time by which all users with the associated password policy must change their passwords.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.require-change-by-time.description=The value is expressed in a generalized time format. If this time is equal to the current time or is in the past, then all users are required to change their passwords immediately. The behavior of the server in this mode is identical to the behavior observed when users are forced to change their passwords after an administrative reset.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.require-change-by-time.syntax.string.pattern.synopsis=A valid timestamp in generalized time form (for example, a value of "20070409185811Z" indicates a value of April 9, 2007 at 6:58:11 pm GMT).

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.require-secure-authentication.synopsis=Indicates whether users with the associated password policy are required to authenticate in a secure manner.

b90dd6c0a9df584619d3c47be7c9417f55d5ccf6Bob Halleyproperty.require-secure-authentication.description=This might mean either using a secure communication channel between the client and the server, or using a SASL mechanism that does not expose the credentials.

70680fa51b0147c726b939b72b2420249429756aBob Halleyproperty.require-secure-password-changes.synopsis=Indicates whether users with the associated password policy are required to change their password in a secure manner that does not expose the credentials.

70680fa51b0147c726b939b72b2420249429756aBob Halleyproperty.skip-validation-for-administrators.synopsis=Indicates whether passwords set by administrators are allowed to bypass the password validation process that is required for user password changes.

40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halleyproperty.state-update-failure-policy.synopsis=Specifies how the server deals with the inability to update password policy state information during an authentication attempt.

40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halleyproperty.state-update-failure-policy.description=In particular, this property can be used to control whether an otherwise successful bind operation fails if a failure occurs while attempting to update password policy state information (for example, to clear a record of previous authentication failures or to update the last login time). It can also be used to control whether to reject a bind request if it is known ahead of time that it will not be possible to update the authentication failure times in the event of an unsuccessful bind attempt (for example, if the backend writability mode is disabled).

32dc06e7e82db6788d1ba9662f4afbe9b28ac90fBob Halleyproperty.state-update-failure-policy.syntax.enumeration.value.ignore.synopsis=If a bind attempt would otherwise be successful, then do not reject it if a problem occurs while attempting to update the password policy state information for the user.

40d01ce8f3a1889f5799d9b22b26d5398fa75a1bBob Halleyproperty.state-update-failure-policy.syntax.enumeration.value.proactive.synopsis=Proactively reject any bind attempt if it is known ahead of time that it would not be possible to update the user's password policy state information.

32dc06e7e82db6788d1ba9662f4afbe9b28ac90fBob Halleyproperty.state-update-failure-policy.syntax.enumeration.value.reactive.synopsis=Even if a bind attempt would otherwise be successful, reject it if a problem occurs while attempting to update the password policy state information for the user.

36983956d7c3d9e294903eeda29548f67ac17daeBob Halley