On Mon, Oct 11, 2010 at 7:08 PM, Christian Manal <moenoel@informatik.uni-bremen.de> wrote:
On 11.10.2010 15:25, Meghanand Acharekar wrote:
On Mon, Oct 11, 2010 at 6:42 PM, Christian Manal <moenoel@informatik.uni-bremen.de> wrote:
On 11.10.2010 14:41, Meghanand Acharekar wrote:
Hi,
I am using ppolicy overlay to enforce password policies. Following is my ppolicy configuration/ldif.
dn: cn=policies,dc=example,dc=com
objectClass: top
objectClass: device
objectClass: pwdPolicy
cn: policies
pwdAttribute: userPassword
pwdMaxAge: 7516800
pwdExpireWarning: 432000
pwdInHistory: 6
pwdCheckQuality: 1
pwdMinLength: 8
pwdMaxFailure: 4
pwdLockout: TRUE
pwdLockoutDuration: 1920
pwdGraceAuthNLimit: 0
pwdFailureCountInterval: 0
pwdMustChange: TRUE
pwdAllowUserChange: TRUE
pwdSafeModify: FALSE
While changing password on first login I got following error.
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user prasad.
Enter login(LDAP) password:
New UNIX password:
Retype new UNIX password:
LDAP password information update failed: Constraint violation
Password is too young to change
passwd: Permission denied
Connection to myhost closed.
Thanks in advance
Meghanand N Acharekar.
Hi,
when you set 'pwdCheckQuality: 1', you require a module to actually check the quality of the password. See slapo-ppolicy(5) and look at the pwdPolicyChecker/pwdCheckModule parts.
Hello
After setting pwdReset TRUE in user attribute, I'm getting another error.
LDAP password information update failed: Constraint violation
Password fails quality checking policy
passwd: Permission denied
Connection to myhost closed.
Is it mandatory to use this module if we want to enforce password policies?
Any idea?
Regards, Christian Manal
The 'Constraint violation' error means that the new password does not conform to the quality requirements, or in your case, the quality could not be verified at all. As I said, if you want to use
pwdCheckQuality: 1
you *need* a pwdCheckModule to run the password through, or you will always get a constraint violation.
Okies, if I use a simple password it prompts me as follows.
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user test
Enter login(LDAP) password:
New UNIX password:
BAD PASSWORD: it does not contain enough DIFFERENT characters
New UNIX password:
BAD PASSWORD: it is based on a dictionary word
New UNIX password:
Retype new UNIX password:
LDAP password information update failed: Constraint violation
Password fails quality checking policy
By the way, I found the check_password.c file here: https://ltb-project.org/svn/openldap-ppolicy-check-password/trunk/ I will compile it to generate the check_password.so file and update you.
Regards, Christian Manal
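The pwdPolicyChecker/pwdCheckModule parts of slapo-ppolicy(5) that the reply points to, written as an ldapmodify change record against the policy entry posted above. This is an added example, not part of the original thread; it assumes the module has been built as check_password.so (the file name mentioned in the thread) and installed where slapd can load it.

```ldif
# Added example (not from the thread): attach a quality-check module
# to the existing policy entry cn=policies,dc=example,dc=com.
#
# pwdPolicyChecker is the auxiliary object class defined by the ppolicy
# schema; it is what permits the pwdCheckModule attribute on the entry.
dn: cn=policies,dc=example,dc=com
changetype: modify
add: objectClass
objectClass: pwdPolicyChecker
-
# Assumption: the compiled module is named check_password.so and is
# installed in a location from which slapd loads modules.
add: pwdCheckModule
pwdCheckModule: check_password.so
-
```

The server can only run a password through the module when it receives the new password in cleartext, so a client that hashes the password before sending it leaves the module nothing to inspect.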