How to check password policy in OpenDS, on Linux

Hello,
I have an old RHEL 5.8 server, which is running OpenDS-2.2.1. It was set up long ago by another admin, and I need to check what password policy is applied on it, for example, password complexity, password aging, etc.
I have been trying various commands, but I am not able to figure out which command I should be using to get valid information.
Please advise how I can get this information and what command I should be using.

[root@ldap-master1 ~]# netstat -tunlp | egrep "1636|1389"
tcp        0      0 :::1636                     :::*                        LISTEN      4496/java
tcp        0      0 :::1389                     :::*                        LISTEN      4496/java
[root@ldap-master1 ~]#
[root@ldap-master1 ~]# ps -ef | grep 4496
ldap      4496     1 21  2019 ?        209-15:56:19 /usr/java/jre1.6.0_29/bin/java -server -Xms2g -Xmx2g -Dorg.opends.server.scriptName=start-ds org.opends.server.core.DirectoryServer --configClass org.opends.server.extensions.ConfigFileHandler --configFile /export/home/ldap/OpenDS-2.2.1/config/config.ldif --quiet
root     13999 13313  0 17:23 pts/1    00:00:00 grep 4496
[root@ldap-master1 ~]#
[root@ldap-master1 ~]# ldapsearch -h localhost -p 1389 -D "cn=Directory Manager" -w pipvTvhgFdENvP9s4tbR -b "dc=xyxyxyxy,dc=com" -s sub "(uid=johnp)" ds-pwp-password-policy-dn
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
        additional info: SASL(-4): no mechanism available:
[root@ldap-master1 ~]# /export/home/ldap/OpenDS-2.2.1/bin/dsconfig -D "cn=directory manager" -w pipvTvhgFdENvP9s4tbR -n get-password-policy-prop --policy-name "Default Password Policy"
Unable to connect to the server at "ldap-master1" on port 4444
[root@ldap-master1 ~]#
[root@ldap-master1 ~]# /export/home/ldap/OpenDS-2.2.1/bin/dsconfig -D "cn=directory manager" -p 1389 -w pipvTvhgFdENvP9s4tbR -n get-password-policy-prop --policy-name "Default Password Policy"
Unable to connect to the server at ldap-master1 on port 1389. In
non-interactive mode, if the trustStore related parameters are not used, you
must use the '--trustAll' option for remote connections
[root@ldap-master1 ~]#
[root@ldap-master1 ~]#
[root@ldap-master1 ~]# /export/home/ldap/OpenDS-2.2.1/bin/dsconfig -D "cn=directory manager" -p 1636 -w pipvTvhgFdENvP9s4tbR -n get-password-policy-prop --policy-name "Default Password Policy"
Unable to connect to the server at ldap-master1 on port 1636. In
non-interactive mode, if the trustStore related parameters are not used, you
must use the '--trustAll' option for remote connections
[root@ldap-master1 ~]#

I tried to do it as the ldap user, and I am still seeing the same errors.
Thanks

Hello,

For RHEL itself (and for any application or service that uses the authentication mechanisms provided natively by the OS), PAM and the login configuration files are probably what define and control your password policies. So places to look include /etc/pam.d/system-auth, /etc/pam.d/password-auth and /etc/login.defs. Those are the first places I'd check, for starters.

If the password policy questions you have are LDAP specific and are not controlled by RHEL itself or by any of the standard configuration files, then this would be entirely down to some aspect of the LDAP setup, and the applications that talk to LDAP and which are used for user authentication, password resets and the like.

Hope this helps! If not, or if you have any further questions, please let us know and we can take it from there.

2 Likes

Yes you are correct. Basically I want to check/set password policy for LDAP accounts, not for local accounts.

Hi,

Ah, OK. I have no experience with OpenDS at all, but a quick Google search points me towards this documentation for configuring its password policies:

Configuring Password Policies - OpenDS Standard Edition 2.0 Administration Guide

Is this any use for you?

2 Likes

I will check this document to see if it can help. Thanks.
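Added example, not part of the thread: when the dsconfig and ldapsearch binds fail as in the question, the policy can still be read offline from the file passed as --configFile in the ps output above (/export/home/ldap/OpenDS-2.2.1/config/config.ldif). The script assumes policy entries carry objectClass ds-cfg-password-policy; the function names and the sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Print the dn and every ds-cfg-* attribute of each entry whose objectClass is
# ds-cfg-password-policy (assumption: policy entries carry that class).
# Usage: pwpolicy_from_ldif /path/to/config.ldif   ("-" or no argument = stdin)
pwpolicy_from_ldif() {
    awk '
    function flush(   i, policy) {
        policy = 0
        for (i = 1; i <= n; i++)
            if (tolower(line[i]) ~ /^objectclass: *ds-cfg-password-policy$/)
                policy = 1
        if (policy) {
            for (i = 1; i <= n; i++)
                if (tolower(line[i]) ~ /^(dn|ds-cfg-[a-z0-9-]+):/)
                    print line[i]
        }
        n = 0
    }
    { sub(/\r$/, "") }                         # tolerate CRLF line endings
    /^#/ { skip = 1; next }                    # comment line
    /^$/ { flush(); skip = 0; next }           # blank line closes an entry
    /^ / { if (!skip && n) line[n] = line[n] substr($0, 2); next }  # unfold
    { skip = 0; line[++n] = $0 }
    END { flush() }
    ' "${1:--}"
}

# Constructed sample input (illustrative names and values, not from a real server).
sample_config_ldif() {
    cat <<'EOF'
dn: cn=Default Password Policy,cn=Password Policies,cn=config
objectClass: top
objectClass: ds-cfg-password-policy
cn: Default Password Policy
ds-cfg-password-attribute: userPassword
ds-cfg-default-password-storage-scheme: cn=Salted SHA-1,cn=Password Stor
 age Schemes,cn=config
ds-cfg-max-password-age: 90 days
ds-cfg-lockout-failure-count: 5

dn: cn=Password Validators,cn=config
objectClass: top
objectClass: ds-cfg-branch
cn: Password Validators
EOF
}

# With a file argument, report on that file; otherwise run on the sample.
if [ "$#" -gt 0 ]; then pwpolicy_from_ldif "$1"; else sample_config_ldif | pwpolicy_from_ldif; fi
```

Run it as a user that can read the config file. This reports only the policy entries defined in the server configuration; which of them applies to a given account is a separate question.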