search cancel

How can I get the dxPwdLoginTime but not enforce the password-policy rules?


Article ID: 53315


Updated On:


CA Directory CA Security Command Center CA Data Protection (DataMinder) CA User Activity Reporting



Sometimes you may want to query the dxPwdLoginTime (Last login time for a particular user) operational attribute. At the same time you may not want to enforce any default password-policy rules e.g. (number of retries, password minimum length, etc). The following procedure explains how you can achieve this.



  • You do not have password-policy enabled on your DSA.
  • You want to query the last login time (dxPwdLoginTime) of a particular user.
  • But not enforce any password-policy rules.

Scenario Solution:

You can add the following settings in your DSA's settings file.

set password-policy = true;
set password-last-use = 1000000;
set password-min-length = 0;
set password-retries = 0;

Following is the explanation of the above settings:

  1. set password-policy = true;
    • Enables password policy on the DSA
  2. set password-last-use = 1000000; 
    • An account requires a successful bind/password compare in 'password-last-use' number of days. If this does not occur the account will become suspended.
    • To avoid the account to become suspended we set this value to a very high number. (Approximately 2739 years before account is suspended).
    • This is needed for the DSA to store the value for the "dxPwdLoginTime" operational attribute.
  3. set password-min-length = 0;
    • A new password must be at least 'password-min-length' characters long.
    • The default value is "6" therefore we need to set it to "0" so that this check is disabled.
  4. set password-retries = 0;
    • If the number of user binds and password compares with an invalid password equals the 'password-retries', then the account will become suspended.
    • The default value is "3" therefore we need to set it to "0" so that this check is disabled.


Release: ESPDIR99000-8.1-Extended Support Plus-for CA Directory