Hi,
looks like I've successfully configured the ppolicy overlay, but I have some questions.
The relevant config:
olcModuleLoad: {0}ppolicy
structuralObjectClass: olcModuleList

dn: olcOverlay={2}ppolicy,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: {2}ppolicy
olcPPolicyDefault: cn=default,ou=pwpolicies,dc=hu
olcPPolicyHashCleartext: FALSE
olcPPolicyUseLockout: FALSE

dn: cn=default,ou=pwpolicies,dc=hu
cn: default
objectClass: pwdPolicy
objectClass: pwdPolicyChecker
objectClass: device
pwdAllowUserChange: TRUE
pwdInHistory: 5
pwdMinLength: 10
pwdAttribute: userPassword
pwdCheckQuality: 0
When I change my passwd with ldappasswd, the history check works:
ldappasswd -H ldaps://dev-ldap-01:636 -W -D uid=airween,ou=Users,ou=company,dc=comp,DC=hu -S
New password:
Re-enter new password:
Enter LDAP Password:
Result: Constraint violation (19)
Additional info: Password is in history of old passwords
but I can set a new password with fewer than 10 characters, e.g. "abc". What did I miss?
I've never read it, but it looks like the policy has an effect only when I change the passwd with 'ldappasswd'; when I use ldapmodify, I can bypass the rules:
ldapmodify -H ldaps://dev-ldap-01:636 -D 'uid=airween,ou=Users,ou=company,dc=comp,dc=hu' -x -W -f file.ldif
modifying entry "uid=airween,ou=Users,ou=company,dc=comp,DC=hu"
[DONE WITH PREV PASSWD]
Is it right?
How can I validate the policy for all methods?
Thanks,
a.
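
An added example, not part of the original message and not OpenLDAP code: a small Python model of how slapo-ppolicy(5) documents pwdCheckQuality gating the pwdMinLength check, run against the policy entry posted above. The function names and the client_hashed flag are illustrative assumptions; only the length check is modelled.

```python
# Added example (not OpenLDAP code): pwdCheckQuality vs. pwdMinLength per slapo-ppolicy(5).
# Policy entry as posted in the message, one attribute per line.
POSTED_POLICY = """\
dn: cn=default,ou=pwpolicies,dc=hu
cn: default
objectClass: pwdPolicy
objectClass: pwdPolicyChecker
objectClass: device
pwdAllowUserChange: TRUE
pwdInHistory: 5
pwdMinLength: 10
pwdAttribute: userPassword
pwdCheckQuality: 0
"""

def parse_entry(ldif):
    """Parse one LDIF entry into {lowercased attr: [values]}.
    Unfolds continuation lines; base64 ("::") values are not decoded."""
    logical = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]          # folded line: append to previous
        elif raw.strip() and not raw.startswith("#"):
            logical.append(raw)
    entry = {}
    for line in logical:
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def min_length_verdict(entry, new_password, client_hashed=False):
    """Return (accepted, reason) for the pwdMinLength check alone."""
    quality = int(entry.get("pwdcheckquality", ["0"])[0])
    min_len = int(entry.get("pwdminlength", ["0"])[0])
    if quality == 0:
        return True, "pwdCheckQuality=0: no syntax checking, pwdMinLength ignored"
    if client_hashed:                       # server cannot see the cleartext
        if quality == 1:
            return True, "pwdCheckQuality=1: value cannot be inspected, accepted"
        return False, "pwdCheckQuality=2: value cannot be inspected, refused"
    if min_len and len(new_password) < min_len:
        return False, "shorter than pwdMinLength=%d" % min_len
    return True, "meets pwdMinLength"

if __name__ == "__main__":
    posted = parse_entry(POSTED_POLICY)
    strict = dict(posted, pwdcheckquality=["2"])   # same policy, quality raised
    for name, policy in (("posted", posted), ("pwdCheckQuality: 2", strict)):
        print(name, "->", min_length_verdict(policy, "abc"))
```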