The slapo-ppolicy overlay has a parameter for loading an external module
for doing additional password checks. One example of this would be the LTB
project's PPM (password policy module) extension.
However, we currently have no method in OpenLDAP for supporting
configuration for such a module via cn=config. Using this module, we can
see two basic issues:
a) There needs to be a way to load schema for the module for whatever its
configuration items are
b) There needs to be a way to use so that it can have multiple policies
(similar to ppolicy) so that you can have different password checking
policies. Something like: pwdCheckModule <modulepath> <policyDN>. In this
way, you could have multiple password policies with different password
check requirements.
Additionally, we currently do not have a standard on a naming convention
for manual pages, etc, for such an item. I would propose slapm-<name> (m
for module), such as "slapm-ppm.5"
Thoughts etc welcome.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<
http://www.symas.com>