Re: pwdCheckQuality doesn't work

Zhang Weiwu zhangweiwu@realss.com writes:

My checklist:

1. RTFM slapo-ppolicy: done, 3 times;
2. check openldap version: 2.4, newly installed on Gentoo Linux;
3. check ppolicy overlay successfully loaded and being used: must be, because operational attribute like pwdFailureTime was maintained;
4. pwdAttribute setting: correct, value is "userPassword";
5. pwdCheckQuality: correct, value is 2 (server always check password syntax);
6. pwdMinLength: correct, value is 6, server do not accept password short than 6 character;
7. ppolicy_default: correctly set, because change pwdMaxFailure on default entry does have effect;
8. the entry being operated doesn't have pwdPolicySubentry, so default should be applied: correct;
9. slapd server was restarted after all above check;

Test result: Still doesn't work:

$ldappasswd -vD uid=admin,st=jiangxi,o=LGOP -x -w secret -s 13456 ou=吉安市,st=jiangxi,o=LGOP ldap_initialize( <DEFAULT> ) Result: Success (0)

(expected not successful here because new password was too short)

I am stuck here. Do I miss something on my checklist?

I presume that you changed userpassword as rootdn, bear in mind that rootdn bypasses all restrictions.

-Dieter