On Mon, Oct 11, 2010 at 6:42 PM, Christian Manal <moenoel@informatik.uni-bremen.de> wrote:
Am 11.10.2010 14:41, schrieb Meghanand Acharekar:
> Hi,
>
> I am using ppolicy overlay to enforce password policies.
> Following is my ppolicy configuration/ldif.
>
> dn: cn=policies,dc=example,dc=com
> objectClass: top
> objectClass: device
> objectClass: pwdPolicy
> cn: policies
> pwdAttribute: userPassword
> pwdMaxAge: 7516800
> pwdExpireWarning: 432000
> pwdInHistory: 6
> pwdCheckQuality: 1
> pwdMinLength: 8
> pwdMaxFailure: 4
> pwdLockout: TRUE
> pwdLockoutDuration: 1920
> pwdGraceAuthNLimit: 0
> pwdFailureCountInterval: 0
> pwdMustChange: TRUE
> pwdAllowUserChange: TRUE
> pwdSafeModify: FALSE
>
> while changing password on first login I got following error.
>
> WARNING: Your password has expired.
> You must change your password now and login again!
> Changing password for user prasad.
> Enter login(LDAP) password:
> New UNIX password:
> Retype new UNIX password:
> LDAP password information update failed: Constraint violation
> Password is too young to change
> passwd: Permission denied
> Connection to myhost closed.
>
> Thanks in advance
> Meghanand N Acharekar.
>


Hi,

when you set 'pwdCheckQuality: 1', you require a module to actually
check the quality of the password. See slapo-ppolicy(5) and look at the
pwdPolicyChecker/pwdCheckModule parts.



Hello

After setting pwdReset TRUE in user attribute, i'm getting another error.

LDAP password information update failed: Constraint violation
Password fails quality checking policy
passwd: Permission denied
Connection to myhost closed.

Is it mandatory to use this module if we want to enforce password policies.
Any idea.
 
Regards,
Christian Manal