https://bugs.openldap.org/show_bug.cgi?id=9740
--- Comment #1 from Ondřej Kuzník <ondra(a)mistotebe.net> ---
On Fri, Nov 05, 2021 at 11:51:51AM +0000, openldap-its(a)openldap.org wrote:
> Following: https://bugs.openldap.org/show_bug.cgi?id=9666, we must now use the
> olcPPolicyCheckModule directive in the overlay configuration, instead of the
> pwdCheckModule in the password policy.
> I have 3 remarks:
> 1/ it's a pity we can't define the chosen module in the corresponding ppolicy.
> It prevents having multiple extensions to password policies (one for each
> policy)

Hi David,
the problem is you have to load/unload it every time you run a password
change, that has been causing issues. You can use the same
implementation and pass policy specific configuration in pwdCheckModuleArg.
What is your use case where you'd need different modules in the same
server?

> 2/ it does not seem to work. (i.e. the extended module is not launched). See
> below for my config and data.

Just checking you are actually building with --enable-modules?

> 3/ the slapo-ppolicy is quite unclear about the configuration. For example, I
> can read:
>
> ( 1.3.6.1.4.1.4754.2.99.1
>   NAME 'pwdPolicyChecker'
>   AUXILIARY
>   SUP top
>   MAY ( pwdCheckModule $ pwdCheckModuleArg $ pwdUseCheckModule ) )
>
> Do pwdCheckModule and pwdUseCheckModule still make sense?

pwdCheckModule is preserved for backwards compatibility and using it
provokes a warning in the logs to let the admin know it is actually
ignored.
pwdUseCheckModule is new and allows the policy admin to decide whether the
module is to be used in this particular policy or not.

Regards,
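
The migration described in the comment above can be checked mechanically. This is an added example, not part of the original comment or of OpenLDAP: a small Python audit over an exported LDIF that flags policies still relying on the ignored pwdCheckModule. The sample LDIF, the DNs, and the module name `check_password.so` are constructed, and treating an absent pwdUseCheckModule as "module not used" is an assumption.

```python
import re

# Constructed sample: overlay config plus one policy entry still using the old attribute.
SAMPLE_LDIF = """\
dn: olcOverlay={0}ppolicy,olcDatabase={1}mdb,cn=config
objectClass: olcPPolicyConfig
olcOverlay: {0}ppolicy
olcPPolicyDefault: cn=default,ou=policies,dc=example,dc=com

dn: cn=default,ou=policies,dc=example,dc=com
objectClass: pwdPolicy
objectClass: pwdPolicyChecker
pwdAttribute: userPassword
pwdCheckModule: check_password.so
pwdCheckModuleArg: minLength=12
"""

def parse_ldif(text):
    """Parse plain (non-base64) LDIF into a list of {attr_lower: [values]} dicts."""
    text = re.sub(r"\n ", "", text)  # unfold continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def audit(text):
    """Return (dn, message) findings for the pwdCheckModule migration."""
    entries = parse_ldif(text)
    overlay_has_module = any("olcppolicycheckmodule" in e for e in entries)
    findings = []
    for e in entries:
        dn = e.get("dn", ["?"])[0]
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "pwdcheckmodule" in e:
            findings.append((dn, "pwdCheckModule is ignored (a warning is logged); "
                                 "set olcPPolicyCheckModule on the overlay"))
        if "pwdpolicychecker" in classes or "pwdcheckmodule" in e:
            # Assumption: anything other than a single TRUE value means "not used".
            if [v.upper() for v in e.get("pwdusecheckmodule", [])] != ["TRUE"]:
                findings.append((dn, "pwdUseCheckModule is not TRUE for this policy"))
            elif not overlay_has_module:
                findings.append((dn, "pwdUseCheckModule is TRUE but no "
                                     "olcPPolicyCheckModule is configured"))
    return findings

if __name__ == "__main__":
    for dn, message in audit(SAMPLE_LDIF):
        print(f"{dn}: {message}")
```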