Enable two sets of Password Policies to two different OpenDJ attributes

This topic has 2 replies, 2 voices, and was last updated 3 years, 3 months ago by someswara.reddy.karem.


    Dear All,

    Our scenario:

    Customers' passwords are stored in OpenDJ’s userPassword attribute, and customers' passcodes (6 digits) will be stored in the “passcode” attribute (a new custom attribute added to OpenDJ).

    All customers will be under the below base dn:

    dc=users, dc=company, dc=platform

    And we have defined password and passcode policies accordingly.

    Our challenge:

    1) How do we enable the password and passcode policies in OpenDJ appropriately for the userPassword and passcode attributes?

    We would also want to hash (SSHA-512) passcode values, like userPassword.

    As far as I know, we can apply password policies based on server and/or sub-entry. But in our scenario, all users are under the same base DN and we want to apply policies to the userPassword and passcode attributes correspondingly. Is this possible at all?

    It would be appreciated if you could provide any guidance on this. Thanks.



    Unfortunately, there can only be a single password policy that applies to an entry (the pwdPolicySubentry operational attribute that indicates which password policy applies to the entry is single-valued).

    The password policy was designed taking into consideration that there is a single password to authenticate a user (there is state associated that needs to be maintained in the entry).


    Thanks Ludo for your response.

    With this limitation, we are trying to implement the below changes to meet requirements:

    1) Apply the password policy to the userPassword attribute only; however, create a custom passcode attribute to store hashed passcode values (Salted SHA-512). We don’t apply a passcode policy in OpenDJ and instead implement validations in the application layer.

    Our challenge: is it possible to configure the passcode attribute to store hashed values without creating a password policy? Is there any way to configure the passcode attribute to store hashed values (like the userPassword attribute)?

    And if we store hashed passcode values in the passcode attribute in OpenDJ, can we log in using username and passcode? If yes, what are the changes we need to implement in OpenAM trees/nodes?

    Thanks for your time and support.

    Best Regards
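The application-layer approach described in the last post (validate the 6-digit passcode in the application, store only a salted SHA-512 value in the custom attribute), as an added example that is not part of the thread and not ForgeRock code. The `{SSHA512}` prefix with base64(digest || salt), the 8-byte salt and all function names are assumptions of this sketch.

```python
import base64
import hashlib
import hmac
import os
import re

SCHEME = "{SSHA512}"   # assumed prefix, in the style of hashed userPassword values
DIGEST_LEN = 64        # SHA-512 output size in bytes
SALT_LEN = 8           # assumed salt size for this sketch
PASSCODE_RE = re.compile(r"[0-9]{6}")  # the thread's 6-digit passcode rule


def validate_passcode(passcode):
    """Application-layer policy check: exactly six ASCII digits."""
    return isinstance(passcode, str) and PASSCODE_RE.fullmatch(passcode) is not None


def hash_passcode(passcode, salt=None):
    """Return the value to write to the custom passcode attribute."""
    if not validate_passcode(passcode):
        raise ValueError("passcode must be exactly 6 digits")
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.sha512(passcode.encode("ascii") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def verify_passcode(passcode, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    if not validate_passcode(passcode) or not stored.startswith(SCHEME):
        return False
    try:
        raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    except ValueError:  # malformed base64 in the stored value
        return False
    if len(raw) <= DIGEST_LEN:  # no salt present, reject
        return False
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    candidate = hashlib.sha512(passcode.encode("ascii") + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    value = hash_passcode("493027")  # constructed sample passcode
    print(value)
    print(verify_passcode("493027", value), verify_passcode("000000", value))
```

A 6-digit passcode has only 1,000,000 possible values, so the salted hash does not make a leaked value hard to recover; attempt limiting and lockout in the application layer carry the protection here.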
