From eafb52c6333e6f4c2872d78098ddd053c8ce3324 Mon Sep 17 00:00:00 2001 From: Marisa Date: Fri, 17 Oct 2025 13:11:08 -0400 Subject: [PATCH] Update README.md --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index cd40680..3c2b906 100644 --- a/README.md +++ b/README.md @@ -703,6 +703,11 @@ These are the password policy options that the openLDAP ppolicy.so module accept The default, which is 0, is to _not_ check the quality of the password. \ If it is set to 2, the server always _enforces_ the quality checks; if it is unable to check it due to password policies, the password failure will be logged and _rejected_. \ If it is set to 1, the server will _always_ accept a password, but it _will check it_ and be logged in the event it's unable to check it due to password policies.\ + `pwdMaxFailure` How many times a user can fail to authenticate before the user becomes locked out. In order for this option to be enforced, the pwdLockout attribute can be set to TRUE or FALSE; by default, any user having this attribute, pwdLockout, becomes locked, meaning that removing this attributes also works as setting it to FALSE. The default is 0 or the user not having the attribute, which means infinite tries/no lock out.\ + `pwdLockout` This must be set to TRUE for the pwdMaxFailure setting to take affect. If it is missing or set to FALSE, pwdMaxFailure is ignored.\ + `pwdLockoutDuration` How many seconds before an account that has been locked out will be automatically unlocked by the server. The default is 0.\ + `pwdMustChange` When this is set to TRUE and an administrator resets a user password, the user is forced to reset it themselves on the first login. The default is FALSE.\ + ## _Show Organizational Units, users, and attributes_
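Review bot: the added `pwdMaxFailure` entry contradicts the `pwdLockout` entry that follows it. The first says pwdLockout "can be set to TRUE or FALSE" and that a user merely having the attribute becomes locked, while the second says it "must be set to TRUE" or pwdMaxFailure is ignored. Keep one statement (the `pwdLockout` wording reads as the intended one) and drop the conflicting sentence from `pwdMaxFailure`, so nobody reading only the first entry believes lockout is enforced when it is not. In the same added lines, "take affect" should be "take effect" and "this attributes" should be "this attribute". The `pwdLockoutDuration` entry gives "The default is 0" without saying what 0 means for a locked account; spell out whether the account then unlocks on its own or stays locked until an administrator resets it.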