Hello,

If you are using ppm, you can take advantage of the checkRDN feature.

It will check if the password contains parts of the RDN.

However, you cannot check against one or multiple specific attributes, like gecos, unless this attribute is chosen to be the RDN.

You can open an issue here: https://github.com/ltb-project/ppm/issues and we will check if this feature could be interesting.


David


On 07/07/2021 at 22:01, kevin martin wrote:
Using ppolicy and a Default User Policy, along with ppm, I achieve the ability to control password length, password history, and complexity inasmuch as I can regulate that users must include numbers/special characters/letters (upper and lower case).  However, what I can't find a way to add to this is to have the gecos field be checked against the password being submitted during a change to verify that a user's userid and/or first or last names aren't part of the password.  Is this possible in openldap?


---


Regards,

Kevin Martin