--On Friday, June 24, 2022 7:20 PM +0200 Uwe Sauter uwe.sauter.de@gmail.com wrote:
As far as I understand, everybody with write access to the userPassword attribute can set this to any value.
In order to involve the ppolicy module you need to use extended ldapmodify functionality (ldappasswd, ldapmodify -E ppolicy or a properly configured passwd/PAM stack).
It is possible to configure ppolicy to intercept MOD ops of userPassword to fix that issue. I don't think you can intercept ADD operations in this regard, however. Generally one has to create the entry and then set the userPassword afterwards with the extended op.
--Quanah
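
The two-step provisioning described in the reply above (create the entry first, then set userPassword with the extended operation), as an added example that is not part of either message. The server URI, the DNs, the inetOrgPerson attributes and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. LDAP_URI, ADMIN_DN and the entry layout are constructed
# placeholders; adjust them to the directory being managed.
LDAP_URI="${LDAP_URI:-ldap://localhost}"
ADMIN_DN="${ADMIN_DN:-cn=admin,dc=example,dc=com}"

# Emit the LDIF for a new account. It deliberately carries no userPassword
# attribute, so the ADD operation stores no password at all.
make_entry_ldif() {
    uid="$1"
    base="$2"
    cat <<EOF
dn: uid=${uid},${base}
objectClass: inetOrgPerson
uid: ${uid}
cn: ${uid}
sn: ${uid}
EOF
}

# Step 1: ADD the entry without a password.
# Step 2: set the password with the Password Modify extended operation
#         (ldappasswd) instead of writing userPassword directly.
provision_user() {
    uid="$1"
    base="$2"
    make_entry_ldif "$uid" "$base" |
        ldapadd -x -H "$LDAP_URI" -D "$ADMIN_DN" -W || return 1
    # -S prompts for the new password; -W prompts for the bind password.
    ldappasswd -x -H "$LDAP_URI" -D "$ADMIN_DN" -W -S "uid=${uid},${base}"
}

# Only touch the directory when explicitly asked:
#   sh provision.sh --apply jdoe ou=people,dc=example,dc=com
if [ "${1:-}" = "--apply" ]; then
    provision_user "$2" "$3"
fi
```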