List subentry password policies
Per-server password policies are part of the DS server configuration. Use the dsconfig command to list, read, and edit them.
Subentry policies are part of the DS directory data. Use the ldapsearch command to list and read them.
The following command lists the subentry password policies under dc=example,dc=com:
$ ldapsearch \
--hostname localhost \
--port 1636 \
--useSsl \
--usePkcs12TrustStore /path/to/opendj/config/keystore \
--trustStorePassword:file /path/to/opendj/config/keystore.pin \
--bindDN uid=kvaughan,ou=people,dc=example,dc=com \
--bindPassword bribery \
--baseDn dc=example,dc=com \
"(&(objectClass=subEntry)(objectClass=ds-pwp-password-policy))"
dn: cn=NIST inspired policy,dc=example,dc=com
objectClass: top
objectClass: subentry
objectClass: ds-pwp-password-policy
objectClass: ds-pwp-validator
objectClass: ds-pwp-length-based-validator
objectClass: ds-pwp-dictionary-validator
cn: NIST inspired policy
ds-pwp-default-password-storage-scheme: PBKDF2-HMAC-SHA512
ds-pwp-dictionary-data:: <data>
ds-pwp-length-based-min-password-length: 8
ds-pwp-password-attribute: userPassword
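
The following is an added example, not part of the DS documentation: a shell function that reads the LDIF printed by the search above and flags subentry policies whose storage scheme is outside an allow-list or whose minimum password length is missing or below a threshold. The allow-list, the threshold, and the second sample entry (including its `SSHA512` value) are assumptions constructed for illustration.

```shell
# Added example. ALLOWED_SCHEMES and MIN_LENGTH are assumptions; set them to site policy.
ALLOWED_SCHEMES="${ALLOWED_SCHEMES:-PBKDF2-HMAC-SHA256 PBKDF2-HMAC-SHA512}"
MIN_LENGTH="${MIN_LENGTH:-8}"
# Reads LDIF on stdin; prints "dn<TAB>scheme(s)<TAB>min length<TAB>OK|REVIEW" per entry.
audit_pwp_ldif() {
  awk -v allowed="$ALLOWED_SCHEMES" -v minlen="$MIN_LENGTH" '
    function take(   i, name, val) {       # consume one unfolded LDIF line
      i = index(line, ":")
      if (i > 1) {
        name = tolower(substr(line, 1, i - 1)); val = substr(line, i + 1)
        sub(/^:?[ ]*/, "", val)            # base64 ("::") values stay encoded
        if (name == "dn") dn = val
        else if (name == "ds-pwp-length-based-min-password-length") len = val
        else if (name == "ds-pwp-default-password-storage-scheme") {
          schemes = schemes (schemes == "" ? "" : ",") val
          if (index(" " toupper(allowed) " ", " " toupper(val) " ") == 0) bad = 1
        }
      }
      line = ""
    }
    function emit() {                      # report the entry that just ended
      if (dn != "") {
        if (schemes == "") { schemes = "-"; bad = 1 }
        if (len == "" || len + 0 < minlen + 0) bad = 1
        printf "%s\t%s\t%s\t%s\n", dn, schemes, (len == "" ? "-" : len), (bad ? "REVIEW" : "OK")
      }
      dn = ""; schemes = ""; len = ""; bad = 0
    }
    /^ / { line = line substr($0, 2); next }   # folded continuation line
    /^$/ { take(); emit(); next }              # blank line ends an entry
         { take(); line = $0 }
    END  { take(); emit() }
  '
}

# Constructed sample: entry 1 mirrors the output above; entry 2 is made up (folded DN).
sample_ldif() {
  cat <<'EOF'
dn: cn=NIST inspired policy,dc=example,dc=com
ds-pwp-default-password-storage-scheme: PBKDF2-HMAC-SHA512
ds-pwp-length-based-min-password-length: 8

dn: cn=Legacy policy,ou=apps,
 dc=example,dc=com
ds-pwp-default-password-storage-scheme: SSHA512
ds-pwp-length-based-min-password-length: 6
EOF
}
sample_ldif | audit_pwp_ldif
```

To audit a live server, pipe the output of the ldapsearch command above into `audit_pwp_ldif` instead of `sample_ldif`.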