The slapo-ppolicy overlay has a parameter for loading an external module for doing additional password checks. One example of this would be the LTB project's PPM (password policy module) extension.

However, we currently have no method in OpenLDAP for supporting configuration for such a module via cn=config. Using this module, we can see two basic issues:

a) There needs to be a way to load schema for the module for whatever its configuration items are

b) There needs to be a way to use so that it can have multiple policies (similar to ppolicy) so that you can have different password checking policies. Something like: pwdCheckModule <modulepath> <policyDN>. In this way, you could have multiple password policies with different password check requirements.

Additionally, we currently do not have a standard on a naming convention for manual pages, etc, for such an item. I would propose slapm-<name> (m for module), such as "slapm-ppm.5"

Thoughts etc welcome.

--Quanah

--

Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com