[Issue 9740] olcPPolicyCheckModule not working in 2.6.0

https://bugs.openldap.org/show_bug.cgi?id=9740 --- Comment #3 from Ondřej Kuzník <ondra(a)mistotebe.net&gt; --- On Fri, Nov 05, 2021 at 01:09:06PM +0000, openldap-its(a)openldap.org wrote: Then I would wait until a compelling use case comes up before we consider reverting that change. Yes, that's fine, checking your policy again: - pwdCheckQuality is 2, great, but the password you're setting is hashed already so it will just fail before considering whether the module should be used - you are not using pwdUseCheckModule - the module configured will not actually be used even if dealing with plaintext passwords At least section 4.2.6 of the Behera draft[0] implicitly suggests that password administrators should be exempt from quality checking by being able to "set or reset the password to a well-known value." Is that the reason it wasn't being used for you or are you still having issues regardless of the above? The manpage doesn't seem to document that the module is not used unless pwdCheckQuality is also enabled. I'll see about fixing that, thanks. That's already documented here: https://git.openldap.org/openldap/openldap/-/blob/master/doc/man/man5/sla... Could you suggest any improvements to address whatever other confusion you think exists? Thanks, [0]. https://datatracker.ietf.org/doc/html/draft-behera-ldap-password-policy-1... -- You are receiving this mail because: You are on the CC list for the issue.