24 Jun
2022
24 Jun
'22
9:20 a.m.
As far as I understand, everybody with write access to the userPassword attribute can set this to any value.
In order to involve the ppolicy module you need to use extended ldapmodify functionality (ldappasswd, ldapmodify -E ppolicy or a properly configured passwd/PAM stack).
Am 24.06.22 um 16:59 schrieb tempo@net-c.com:
Hi,
I'm doing some testing on userPassword management actually with openldap 2.5.9
I noticed that I could MOD a userPassword without checking quality if my admin role was "manage"
However, if I try to ADD a user with its attribute userPassword set, then quality is checked although the role "manage"
ppolicy in both cases are the default one (policy subentry not set)
Is it normal behavior ?
Regards,