
Directory Services Attribute

Account Password Policy (tamuEduPersonPasswordPolicy)

Attribute details

LDAP tamuEduPersonPasswordPolicy attribute properties, usage and population rules
Definition: Password management restrictions for account.

Values in this attribute are used to enforce stricter password management policies than those in place for basic NetID accounts. View default NetID password management policies.
Attribute Name: 'tamuEduPersonPasswordPolicy'
OID: 1.3.6.1.4.1.4391.0.16
URN: urn:oid:1.3.6.1.4.1.4391.0.16
Multiple Values: Multi-valued
Format: IA5 String {128}
Search Syntax: EQUALITY caseIgnoreIA5Match
Controlled Vocabulary:
  sspr:optout - account holder has voluntarily disabled self-service password reset for account
  sspr:prohibited - self-service password reset may not be used for account
  phonereset:optout - account holder has voluntarily disabled the ability to reset password by calling Help Desk Central
  phonereset:prohibited - account ineligible to reset password by calling Help Desk Central
  duo:optout - account holder has voluntarily disabled the Duo Two-Factor Authentication prompt for account when logging into applications via CAS
Source:
  If account is vetted and cleared for a level of assurance that prohibits use of self-service password resets, NetID Identity Management System sets ⇒ sspr:prohibited
  If account is vetted and cleared for a level of assurance that prohibits use of Help Desk Central over-the-phone password resets, NetID Identity Management System sets ⇒ phonereset:prohibited
  If account holder disables use of self-service password reset for account on Aggie Account Gateway Password Settings ⇒ sspr:optout
  If account owner disables use of Help Desk Central over-the-phone password reset for account on Aggie Account Gateway Password Settings ⇒ phonereset:optout
  If account holder disables use of Duo Two-Factor Authentication with CAS for account on Aggie Account Gateway Password Settings ⇒ duo:optout

Directory-specific details

LDAP tamuEduPersonPasswordPolicy attribute properties that are dependent on directory branch or object class configuration
Enterprise Directory, People Branch
Directory URL: ldap.tamu.edu
Object Class: tamuEduAuthN
Required: no
Indexing: none
Access: Access to Enterprise Directory restricted.
Usage: account password and authentication event management
Example(s): phonereset:optout
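
The controlled vocabulary above, evaluated in Python as an added example (not code from this page or from the directory's operators): it validates values against the IA5 String {128} format, compares them case-insensitively, and reports the state of each reset channel. The function names, the "unverified" fail-closed state for values outside the vocabulary, and the sample values are assumptions of this example.

```python
MAX_LEN = 128  # page: Format is IA5 String {128}
VOCAB = {"sspr:optout", "sspr:prohibited", "phonereset:optout",
         "phonereset:prohibited", "duo:optout"}

def normalize(values):
    """Return (recognized, rejected) for a multi-valued attribute."""
    recognized, rejected = set(), []
    for raw in values:
        try:
            text = raw.decode("ascii") if isinstance(raw, bytes) else raw
            text.encode("ascii")  # IA5 is 7-bit; non-ASCII str raises here
        except UnicodeError:
            rejected.append(raw)
            continue
        # Approximates caseIgnoreIA5Match: ignore case and outer spaces.
        token = text.strip().lower()
        if len(text) <= MAX_LEN and token in VOCAB:
            recognized.add(token)
        else:
            rejected.append(raw)
    return recognized, rejected

def channel_state(recognized, rejected, prefix):
    """State of one reset channel; 'prohibited' outranks everything else."""
    if f"{prefix}:prohibited" in recognized:
        return "prohibited"   # set by the identity management system
    if rejected:
        return "unverified"   # assumption: fail closed on unknown values
    if f"{prefix}:optout" in recognized:
        return "optout"       # set by the account holder
    return "allowed"

def evaluate(values):
    """Summarize which password-management channels apply to an account."""
    recognized, rejected = normalize(values)
    return {
        "sspr": channel_state(recognized, rejected, "sspr"),
        "phonereset": channel_state(recognized, rejected, "phonereset"),
        "duo_prompt": "duo:optout" not in recognized,
        "rejected": rejected,
    }

# Constructed sample: values as an LDAP client library might return them.
SAMPLE = [b"PhoneReset:OptOut", b"sspr:prohibited", b"duo:optout"]

if __name__ == "__main__":
    print(evaluate(SAMPLE))
```

Separating "optout" from "prohibited" lets a support tool tell a holder-chosen setting apart from one imposed by the account's level of assurance.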