userPassword

Allows an entry's password to be set or changed by LDAP clients.

NDS Operational: Yes

LDAP Name

userPassword

Syntax

ASN.1 ID

Remarks

For help in understanding the attribute definition template, see Reading NDS Attribute Type Definitions.

This attribute is accessible only through LDAP and is a write-only attribute.

Passwords in NDS are stored as RSA public and private key pairs. The Novell LDAP server uses the userPassword attribute to generate these key pairs for an LDAP client.

  • NDS 8.17 or higher is required for users to change their passwords.

  • NDS 7.xx and higher is required for an administrator to change user passwords.

To change a password for a user, administrators are required only to submit a new value for the userPassword attribute.

For a user to change his or her own password, the user must submit a delete request for the userPassword attribute with the current value and an add request for the userPassword attribute with the new value.
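The two request shapes described above, written out as LDIF change records by a small generator. This is an added example, not Novell's code: the DN and passwords are constructed samples, the function names are hypothetical, and it assumes the administrator's change is sent as a `replace` and the user's delete and add travel in one modify operation.

```python
import base64


def ldif_line(attr, value):
    """Render 'attr: value', base64-encoding values LDIF cannot carry verbatim (RFC 2849)."""
    if not value:
        raise ValueError(f"{attr} must not be empty")
    raw = value.encode("utf-8")
    safe = (
        all(0x20 <= b <= 0x7E for b in raw)            # printable ASCII only
        and not raw.startswith((b" ", b":", b"<"))     # forbidden first characters
        and not raw.endswith(b" ")                     # trailing space would be lost
    )
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(raw).decode('ascii')}"


def admin_reset(dn, new_password):
    """Administrator case: only the new value is submitted (assumed here as a replace)."""
    return "\n".join([
        ldif_line("dn", dn),
        "changetype: modify",
        "replace: userPassword",
        ldif_line("userPassword", new_password),
        "-",
    ]) + "\n"


def self_change(dn, current_password, new_password):
    """User case: delete with the current value, then add with the new value."""
    return "\n".join([
        ldif_line("dn", dn),
        "changetype: modify",
        "delete: userPassword",
        ldif_line("userPassword", current_password),
        "-",
        "add: userPassword",
        ldif_line("userPassword", new_password),
        "-",
    ]) + "\n"


if __name__ == "__main__":
    # Constructed sample DN and passwords, for illustration only.
    print(self_change("cn=jdoe,o=example", "old-Secret1", "new-Secret2"))
    print(admin_reset("cn=jdoe,o=example", "new-Secret2"))
```

Both records carry the password values unencrypted (base64 is only an encoding), so they belong on a TLS-protected connection and should not be left in files or shell history.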

When creating a user, a value must be set for the userPassword attribute in order for the user to log in to the directory.

When using an LDAP compare function to verify a userPassword value, the function can return true and the client can still be locked out of the account. NDS uses the following attributes, not just the userPassword attribute, to control access to an account:

If the password is verified as valid, these other attributes should be checked to determine why the client cannot access the account.