On 2/23/22 22:02, Felix Natter wrote:
ldappasswd(1) is the right tool for the command-line but takes a DN to specify the user's entry.
I tried this (which would be fine as a solution):
ldappasswd -H ldap://<ip> -x -D \ cn=ldaptestuser1,ou=users,dc=company,dc=com -W -A -S
but it does not enforce the pwdMinLength:3 restriction of the PP.
It works for me:
xkcd@ae-dir-suse-p1:~> ldappasswd uid=aacj,cn=test,ou=ae-dir -s 123 Result: Constraint violation (19) Additional info: Password fails quality checking policy
xkcd@ae-dir-suse-p1:~> ldappasswd uid=aacj,cn=test,ou=ae-dir -s Geheimer123456789
xkcd@ae-dir-suse-p1:~> ldapwhoami -x -D uid=aacj,cn=test,ou=ae-dir -w Geheimer123456789 dn:uid=aacj,cn=test,ou=ae-dir
Are you sure your pwdPolicy entry is applied, and e.g. has pwdCheckQuality: 2?
Ciao, Michael.