Password policy configuration

Describes the procedure to import users to internal LDAP

A user with administrative privileges can define password policy rules. By default, the Password Policy option is disabled for PolicyUser and ProxyUser.

Defining a Password Policy

If the number of unsuccessful password attempts exceeds the value defined in the password policy, the account gets locked.

For more information about Password Policy, refer here.

Perform the following steps to define a password policy.

  1. From the ESA Web UI, navigate to Settings > Users.

  2. On the User Management tab, under the Define Password Policy area, click the Edit icon.

  3. Select the password policy options for users, which are described in the following table:

    | Password Policy Option | Description | Default Value | Possible Values |
    |---|---|---|---|
    | Minimum period for changeover | Number of days since the last password change. | 1 | 0-29 |
    | Password expiry | Number of days a password remains valid. | 30 | 0-720 |
    | Lock on maximum failures | Number of attempts a user makes before the account is locked and requires Admin help for unlocking. | 5 | 0-10 |
    | Password history | Number of older passwords that are retained and checked against when a password is updated. | 1 | 0-64 |

  4. Click Apply Changes.

  5. The Enter your password prompt appears. Enter the password and click Ok.
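
The following Python model is an added illustration, not ESA code: it shows how the four options in the table interact during logins and password changes, and checks a proposed policy against the documented ranges. The Account class, the option key names, the reading that a value of 0 turns an option off, and the counter reset on a successful login are assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass, field

# Allowed ranges and defaults, taken from the policy table on this page.
RANGES = {"min_change_days": (0, 29), "expiry_days": (0, 720),
          "max_failures": (0, 10), "history": (0, 64)}
DEFAULTS = {"min_change_days": 1, "expiry_days": 30, "max_failures": 5, "history": 1}

def out_of_range(policy):
    """Return the option names whose values fall outside the documented ranges."""
    return [k for k, (lo, hi) in RANGES.items() if not lo <= policy[k] <= hi]

def digest(pw):
    # Stand-in for the directory's password hash, used only to compare values.
    return hashlib.sha256(pw.encode()).hexdigest()

@dataclass
class Account:
    """Hypothetical account model; assumes a value of 0 turns an option off."""
    policy: dict
    current: str
    changed_day: int = 0
    failures: int = 0
    locked: bool = False
    old: list = field(default_factory=list)

    def login(self, pw, day):
        if self.locked:
            return "locked"
        if digest(pw) != self.current:
            self.failures += 1
            limit = self.policy["max_failures"]
            # Lock once failures exceed the configured value (assumed reading).
            self.locked = bool(limit) and self.failures > limit
            return "locked" if self.locked else "denied"
        self.failures = 0  # assumption: a successful login clears the counter
        age, expiry = day - self.changed_day, self.policy["expiry_days"]
        return "expired" if expiry and age >= expiry else "ok"

    def change(self, new_pw, day):
        n = self.policy["history"]
        if day - self.changed_day < self.policy["min_change_days"]:
            return "too_soon"
        new = digest(new_pw)
        if new == self.current or new in (self.old[-n:] if n else []):
            return "reused"
        self.old = (self.old + [self.current])[-n:] if n else []
        self.current, self.changed_day = new, day
        return "changed"
```

In this model, a Password history of 1 lets a user return to an earlier password after two changes, and the Minimum period for changeover is what spaces those changes out, so the two options are best reviewed together.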

Resetting the password policy to default settings

If the number of unsuccessful password attempts exceeds the value defined in the password policy, the account gets locked.

For more information about Password Policy, refer here.

The password policy is set to default values as mentioned in the Password Policy Configuration table.

The users imported into LDAP have Password Policy disabled, by default. This option cannot be enabled for imported users.

Perform the following steps to reset the password policy to default settings.

  1. Click Reset.
    A confirmation message appears.

  2. Click Yes.

  3. The Enter your password prompt appears. Enter the password and click Ok.

Enabling password policy for Local LDAP users

Perform the following steps to enable password policy for Local LDAP users.

  1. From the ESA Web UI, navigate to Settings > Users.

  2. In the Manage Users area, click the Password Policy toggle for the user.
    A dialog box appears requesting LDAP credentials.

  3. The Enter your password prompt appears. Enter the password and click Ok.

After successful validation, password policy is enabled for the user.

Users locked out from too many password failures

If the number of unsuccessful password attempts exceeds the value defined in the password policy, the account gets locked. Users who have been locked out receive the error message “Login Failure: Account locked” when trying to log in. To unlock the user, a user with administrative privileges must reset their password.

When an Admin user is locked, the local_admin user can be used to unlock the Admin user from the CLI Manager. Note that local_admin is not part of LDAP, so it cannot be locked. For more information about Password Policy, including resetting passwords, refer to Password Policy.

Last modified January 21, 2025