From 2c7b8d6d8c0c177e8089272140dae66b87852ff7 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Tue, 17 Jul 2007 21:59:32 +0000
Subject: [PATCH] Implement support for password history functionality.  The password history can be maintained either based on the number of previous passwords to remember (e.g., a user cannot re-use any of his/her last five passwords), or the length of time the previous passwords have been retained (e.g., a user cannot re-use any password he/she has had within the last 365 days), or both.

---
 opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyConfiguration.xml |   59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 files changed, 58 insertions(+), 1 deletions(-)

diff --git a/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyConfiguration.xml b/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyConfiguration.xml
index 933f525..447b814 100644
--- a/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyConfiguration.xml
+++ b/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyConfiguration.xml
@@ -946,7 +946,7 @@
   </adm:property>
 
   <adm:property name="state-update-failure-policy" mandatory="false"
-  multi-valued="false">
+    multi-valued="false">
     <adm:synopsis>
       Specifies how the server should deal with the inability to update password
       policy state information during an authentication attempt.  In particular,
@@ -996,5 +996,62 @@
     </adm:profile>
   </adm:property>
 
+  <adm:property name="password-history-count" mandatory="false"
+    multi-valued="false">
+    <adm:synopsis>
+      Specifies the maximum number of former passwords to maintain in the
+      password history.  When choosing a new password, the proposed password
+      will be checked to ensure that it does not match the current password, nor
+      any other password in the history list.  A value of zero indicates that
+      either no password history is to be maintained (if the password history
+      duration has a value of zero seconds), or that there is no maximum number
+      of passwords to maintain in the history (if the password history duration
+      has a value greater than zero seconds).
+    </adm:synopsis>
+    <adm:default-behavior>
+      <adm:defined>
+        <adm:value>0</adm:value>
+      </adm:defined>
+    </adm:default-behavior>
+    <adm:syntax>
+      <adm:integer lower-limit="0" upper-limit="2147483647" />
+    </adm:syntax>
+    <adm:profile name="ldap">
+      <ldap:attribute>
+        <ldap:oid>1.3.6.1.4.1.26027.1.1.444</ldap:oid>
+        <ldap:name>ds-cfg-password-history-count</ldap:name>
+      </ldap:attribute>
+    </adm:profile>
+  </adm:property>
+
+  <adm:property name="password-history-duration" mandatory="false"
+    multi-valued="false">
+    <adm:synopsis>
+      Specifies the maximum length of time that passwords should remain in the
+      password history.  When choosing a new password, the proposed password
+      will be checked to ensure that it does not match the current password, nor
+      any other password in the history list.  A value of zero seconds indicates
+      that either no password history is to be maintained (if the password
+      history count has a value of zero), or that there is no maximum duration
+      for passwords in the history (if the password history count has a value
+      greater than zero).
+    </adm:synopsis>
+    <adm:default-behavior>
+      <adm:defined>
+        <adm:value>0 seconds</adm:value>
+      </adm:defined>
+    </adm:default-behavior>
+    <adm:syntax>
+      <adm:duration base-unit="s" lower-limit="0" upper-limit="2147483647"
+        allow-unlimited="false" />
+    </adm:syntax>
+    <adm:profile name="ldap">
+      <ldap:attribute>
+        <ldap:oid>1.3.6.1.4.1.26027.1.1.445</ldap:oid>
+        <ldap:name>ds-cfg-password-history-duration</ldap:name>
+      </ldap:attribute>
+    </adm:profile>
+  </adm:property>
+
 </adm:managed-object>
 
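Review bot: The synopses of `password-history-count` and `password-history-duration` each explain what a zero value means, but neither says what happens when both are non-zero: does a former password leave the history once it exceeds either limit, or only once it exceeds both? That decides how soon a user can return to an old password, so I would add one sentence to each synopsis, for example `If both a count and a duration are configured, a former password is dropped from the history as soon as it exceeds either limit.`, with the wording matched to the implementation, which is not part of this hunk. Both defaults (`0` and `0 seconds`) leave history checking off, which deserves an explicit sentence such as `By default no password history is maintained.`. A count-only history also gives little protection unless the policy enforces a minimum password age, since users can otherwise change passwords repeatedly until the old one drops out; a short cross-reference to that setting would help administrators.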

--
Gitblit v1.10.0