https://bugs.openldap.org/show_bug.cgi?id=9740
--- Comment #5 from Ondřej Kuzník <ondra(a)mistotebe.net> ---
On Mon, Nov 08, 2021 at 02:51:43PM +0000, openldap-its(a)openldap.org wrote:
> - you are not using pwdUseCheckModule - the module configured will not
> actually be used even if dealing with plaintext passwords
Yes, it seems to be working with this parameter set inside the default policy!
I didn't understand this parameter fully at first instance.
This parameter is quite new, isn't it? (specific to 2.6 release?) IMO it is
actually a big step in migration process. Maybe can you add this in the
migration steps from 2.5 to 2.6. (it does not seem to be documented here for
example:
https://www.openldap.org/doc/admin26/guide.html#Migration)
Yes and it has been documented in the upgrading section. How about these
changes to the admin guide:
https://git.openldap.org/openldap/openldap/-/merge_requests/440
> That's already documented here:
> https://git.openldap.org/openldap/openldap/-/blob/master/doc/man/man5/sla...
>
> Could you suggest any improvements to address whatever other confusion
> you think exists?
The extended module is described at multiple places in the manual. Maybe quote
each time the minimum essential parameters implicated in the process?
ie:
- olcPPolicyCheckModule
- pwdUseCheckModule
- pwdCheckModuleArg
The manpage is long enough even before we start duplicating things
unnecessarily. Trying to add in what you mention, I found everything was
already in the places I thought it was relevant and the links were
mostly there to link the concepts. The existence of this ITS suggests
you disagree, please suggest a different approach.
Also note that it's up to the actual module whether pwdCheckModuleArg
is needed or not. As such we can only suggest what to do with it.
The first occurrence where it is missing is for example:
ppolicy_check_module <path>
Specify the path of a loadable module containing a check_password()
function for additional password quality checks. The use of this module
is described further below in the description of the pwdPolicyChecker
objectclass.
"The use of this module is described further below in the description of
the pwdPolicyChecker objectclass."
Is there anything about this sentence that should be changed to make it
clearer after taking into account the change proposed in MR!441[0]?
[0]. https://git.openldap.org/openldap/openldap/-/merge_requests/441
Thanks,
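
The situation discussed in this comment, a check module set through olcPPolicyCheckModule that is never used because the policy entry does not set pwdUseCheckModule, can be checked for in an LDIF export. The following Python is an added example, not part of the original comment or of OpenLDAP; the sample LDIF, its DNs and the module path are constructed, and it assumes a single ppolicy overlay instance in the dump.

```python
# Constructed sample: overlay config plus two policy entries (values are made up).
SAMPLE_LDIF = """\
dn: olcOverlay={0}ppolicy,olcDatabase={1}mdb,cn=config
objectClass: olcPPolicyConfig
olcPPolicyCheckModule: /usr/local/libexec/openldap/check_example.so

dn: cn=default,ou=policies,dc=example,dc=com
objectClass: pwdPolicy
objectClass: pwdPolicyChecker
pwdAttribute: userPassword
pwdUseCheckModule: TRUE

dn: cn=legacy,ou=policies,dc=example,dc=com
objectClass: pwdPolicy
pwdAttribute: userPassword
"""

def parse_ldif(text):
    """Parse plain LDIF into {lowercased attr: [values]} dicts (no base64 decoding)."""
    entries, current = [], {}
    # Unfold continuation lines (a newline followed by one space) before splitting.
    for line in text.replace("\n ", "").splitlines():
        if not line.strip():              # a blank line ends an entry
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#") and ":" in line:
            attr, _, value = line.partition(":")
            current.setdefault(attr.strip().lower(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries

def policies_skipping_module(entries):
    """Return DNs of pwdPolicy entries that would not call the configured module."""
    # Assumption: one ppolicy overlay instance covers every policy in the dump.
    if not any(e.get("olcppolicycheckmodule") for e in entries):
        return []
    flagged = []
    for e in entries:
        classes = {c.lower() for c in e.get("objectclass", [])}
        enabled = [v.upper() for v in e.get("pwdusecheckmodule", [])] == ["TRUE"]
        if "pwdpolicy" in classes and not enabled:
            flagged.append(e["dn"][0])
    return flagged

if __name__ == "__main__":
    for dn in policies_skipping_module(parse_ldif(SAMPLE_LDIF)):
        print("check module configured but not enabled for:", dn)
```

Whether pwdCheckModuleArg is also needed depends on the module, as the comment notes, so the check does not look at it.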