Chapter 19. Managing User Authentication

When a user connects to the Red Hat Directory Server, the user is first authenticated. The directory then grants access rights and resource limits to the user depending on the identity established during authentication.
This chapter describes tasks for managing users, including configuring the password and account lockout policy for the directory, denying groups of users access to the directory, and limiting system resources available to users depending upon their bind DNs.

19.1. Setting User Passwords

An entry can be used to bind to the directory only if it has a userPassword attribute and if it has not been inactivated. Because user passwords are stored in the directory, they can be set or reset with any LDAP operation, such as ldapmodify.
For information on creating and modifying directory entries, see Chapter 3, Managing Directory Entries. For information on inactivating user accounts, see Section 19.15, “Manually Inactivating Users and Roles”.
Passwords can also be set and reset in the Users and Groups area of the Red Hat Administration Server or Directory Server Console. For information on how to use the Users and Groups area in the Administration Server Console, see the online help that is available in the Red Hat Administration Server.
Only password administrators, described in Section 19.2, “Setting Password Administrators”, and the root DN can add pre-hashed passwords. These users can also violate password policy.


When using a password administrator account or the Directory Manager (root DN) to set a password, password policies are bypassed and not verified. Do not use these accounts for regular user password management. Use them only to perform password administration tasks that require bypassing the password policies.
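
The following shell sketch is an added example, not part of the Red Hat guide: it builds the LDIF for a userPassword reset through ldapmodify and refuses the two cases this section warns about, a pre-hashed value and a bind as the root DN. The function names, the host `server.example.com`, and the assumption that the root DN is the default `cn=Directory Manager` are illustrative.

```shell
#!/bin/sh
# Added example; names and values below are assumptions, not from the guide.
ROOT_DN="cn=directory manager"                      # default root DN, lowercased
LDAP_URI="${LDAP_URI:-ldaps://server.example.com}"  # placeholder host

# True when the value carries a {SCHEME} prefix, i.e. looks pre-hashed.
is_prehashed() {
    case "$1" in
        "{"*"}"*) return 0 ;;
        *) return 1 ;;
    esac
}

# True when the bind DN is the root DN, which bypasses password policy.
# Password administrator DNs are site-specific and are not detected here.
is_root_dn() {
    [ "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" = "$ROOT_DN" ]
}

# passwd_ldif TARGET_DN NEW_PASSWORD
# Prints LDIF that replaces userPassword. The value is base64-encoded
# (the "::" form) so spaces, colons and non-ASCII characters survive.
passwd_ldif() {
    if is_prehashed "$2"; then
        echo "refusing pre-hashed userPassword value" >&2
        return 2
    fi
    printf 'dn: %s\nchangetype: modify\nreplace: userPassword\n' "$1"
    printf 'userPassword:: %s\n' "$(printf '%s' "$2" | base64 | tr -d '\n')"
}

# reset_password BIND_DN TARGET_DN NEW_PASSWORD
# ldapmodify prompts for the bind password (-W).
reset_password() {
    if is_root_dn "$1"; then
        echo "refusing to bind as the root DN for a routine reset" >&2
        return 3
    fi
    ldif=$(passwd_ldif "$2" "$3") || return $?
    printf '%s\n' "$ldif" | ldapmodify -x -H "$LDAP_URI" -D "$1" -W
}
```

Read the new password with the shell's `read` builtin rather than passing it as a script argument, so it does not appear in the process list.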