Enable two sets of Password Policies to two different OpenDJ attributes

Home Forums ForgeRock Products Directory Services Enable two sets of Password Policies to two different OpenDJ attributes

Learn more about our upcoming Identity Summits

Tagged: , ,

This topic contains 2 replies, has 2 voices, and was last updated by  someswara.reddy.karem 5 months, 1 week ago.

  • Author
    Posts
  • April 10, 2019 at 4:58 pm #25505
     someswara.reddy.karem 
    Participant

    Dear All,

    Our scenario:

    Customers passwords are stored in OpenDJ’s userPassword attribute and Customers passcodes (6 digit) will be stored in “passcode” (new custom attribute added to OpenDJ) attribute.

    All customers will be under the below base dn:

    dc=users, dc=company, dc=platform

    And we have defined password and passcode policies accordingly.

    Our challenge:

    1) How to enable password and passcode policies in OpenDJ appropriately for userPassword and passcode attributes??

    And we would also wants to hash (SSHA-512) passcode values as like userPassword.

    As far as I knew, we can apply password policies based on server and/or sub-entry. But in our scenario, all users are under the same base dn and we want to apply policies for userPassword and passcode attributes correspondingly. Is this possible at all??

    It would be appreciated if you provide any guidance on this Thanks.

    Regards
    Som

    April 10, 2019 at 5:23 pm #25506
     Ludo 
    Moderator

    Unfortunately, there can only be a single password policy that apply to an entry (the pwdPolicySubentry operational attribute that indicates which password policy applies to the entry is single-valued).

    The password policy was designed taking in consideration that there is a single password to authenticate a user (there is state associated that needs to be maintained in the entry).

    April 16, 2019 at 11:11 am #25607
     someswara.reddy.karem 
    Participant

    Thanks Ludo for your response.

    With this limitation, we are trying to implement the below changes to meet requirements:

    1) Apply password policy to userPassword attribute only, however create custom passcode attribute to store hashed passcode values (Salted SHA-512) and we don’t apply passcode policy in OpenDJ, instead implement validations in application layer.

    Our challenge: is it possible to configure passcode attribute to store hashed values without creating password policy??is there anyway to configure passcode attribute to store hashed values?? (like userPassword attribute)

    And if we store hashed passcode values in passcode attribute in OpenDJ, can we login using username and passcode??if yes, what are the changes we need to implement in OpenAM trees/nodes?

    Thanks for your time and support.

    Best Regards
    Som

  • Author
    Posts
Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

Leaderboard

The leaderboard is based on our rockin' informal points system, read about it here.
Visit our blog

©2019 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?