Update README.md

2025-10-17 13:11:08 -04:00 · 2025-10-17 13:11:08 -04:00 · eafb52c633
commit eafb52c633
parent 0cd83dc665
1 changed files with 5 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -703,6 +703,11 @@ These are the password policy options that the openLDAP ppolicy.so module accept
 The default, which is 0, is to _not_ check the quality of the password. \
 If it is set to 2, the server always _enforces_ the quality checks; if it is unable to check it due to password policies, the password failure will be logged and _rejected_. \
 If it is set to 1, the server will _always_ accept a password, but it _will check it_ and be logged in the event it's unable to check it due to password policies.\
+ `pwdMaxFailure` How many times a user can fail to authenticate before the user becomes locked out. In order for this option to be enforced, the pwdLockout attribute can be set to TRUE or FALSE; by default, any user having this attribute, pwdLockout, becomes locked, meaning that removing this attributes also works as setting it to FALSE. The default is 0 or the user not having the attribute, which means infinite tries/no lock out.\
+ `pwdLockout` This must be set to TRUE for the pwdMaxFailure setting to take affect. If it is missing or set to FALSE, pwdMaxFailure is ignored.\
+ `pwdLockoutDuration` How many seconds before an account that has been locked out will be automatically unlocked by the server. The default is 0.\
+ `pwdMustChange` When this is set to TRUE and an administrator resets a user password, the user is forced to reset it themselves on the first login. The default is FALSE.\
+ 


 ## _Show Organizational Units, users, and attributes_