Re: ppolicy pwdMinLenght, pwdAccountLockedTime and pwdLockoutDuration don't work as supposed

Theo Alves wrote:

[..] when an user access ldap by python the ppolicy pwdMinLenght doesn't work. The user can freely put a password too short. That doesn't happen when using passwd. Check out the python code snip:

import ldap dn = 'uid=%s,ou=People,dc=example,dc=com' % 'user1' con = ldap.initialize('ldapi:///') con.bind_s(dn, raw_input('Password: ')) #getting the present password con.passwd_s(dn, None, '1')

The to default_ppolicy entry pwdMinLenght is setted to 5, even so the code above works to regular users and they can put passwords too short.

The code above does mainly what ldappasswd does: It sends Password Modify extended operation request. Not sure what 'passwd' (via pam_ldap) does in your case.

Ciao, Michael.