2013/4/10 D C dc12078@gmail.com
After nearly two weeks of going nuts trying to setup a password policy, I finally found part of the documentation that I was missing. Apparently "ppolicy" does not actualy enforce the policy you create. If I'm understanding the documentation correctly, it really only provides more of a transport to something else which can do it.
No, ppolicy overlay manages a lot of things, like password history, password min size, password expiration, etc.
In particular the attribute pwdCheckModule, needs to point to a module which can enforce the policy. However no module seems to be provided.
What modules are other people using? I stumbled around and found password_check.so, which I am trying to setup now with partial success.
http://ltb-project.org/wiki/documentation/openldap-ppolicy-check-password
This module adds some additional checks to the standard ppolicy overlay, like lower and upper cases characters.
Anyone else have something better? One thing I need to do which I don't think this will help with, is storing the last x passwords.
Just use the standard ppolicy overlay and set pwdInHistory attribute value.
Clément.
Thanks, Dan