--- Comment #8 from David Coutadeur <david.coutadeur(a)gmail.com> ---
(In reply to Ondřej Kuzník from comment #5)
On Mon, Nov 08, 2021 at 02:51:43PM +0000, openldap-its(a)openldap.org
>> - you are not using pwdUseCheckModule - the module configured will not
>> actually be used even if dealing with plaintext passwords
> Yes, it seems working with this parameter set inside the default policy!
> I did'nt understand this parameter fully at first instance.
> This parameter is quite new, isn't it? (specific to 2.6 release?) IMO it is
> actually a big step in migration process. Maybe can you add this in the
> migration steps from 2.5 to 2.6. (it does not seem to be documented here for
> example: https://www.openldap.org/doc/admin26/guide.html#Migration
Yes and it has been documented in the upgrading section. How about these
changes to the admin guide:
>> That's already documented here:
>> Could you suggest any improvements to address whatever other confusion
>> you think exists?
> The extended module is described at multiple places in the manual. Maybe quote
> each time the minimum essential parameters implicated in the process?
> - olcPPolicyCheckModule
> - pwdUseCheckModule
> - pwdCheckModuleArg
The manpage is long enough even before we start duplicating things
unnecessarily. Trying to add in what you mention, I found everything was
already in the places I thought it was relevant and the links were
mostly there to link the concepts. The existence of this ITS suggests
you disagree, please suggest a different approach.
Also note that it's up to the actual module whether pwdCheckModuleArg
is needed or not. As such we can only suggest what to do with it.
> The first occurrence where it is missing is for example:
> ppolicy_check_module <path>
> Specify the path of a loadable module containing a
> check_password() function for additional password quality checks. The use of
> this module is described further below in the description of the
"The use of this module is described further below in the description of
the pwdPolicyChecker objectclass."
Is there anything about this sentence that should be changed to make it
clearer after taking into account the change proposed in MR!441.
Sorry for the late answer.
I have read again the last version of slapo-ppolicy man page.
Everything seems ok : each section is linked to each other.
The attributes section (pwdUseCheckModule/pwdCheckModuleArg) defines all
attributes at the same place and show how they work together.
Thanks for the fix about the upgrade notes.
You are receiving this mail because:
You are on the CC list for the issue.