--On Tuesday, May 01, 2012 4:20 PM -0700 "Kline, Sara" SKline@tnsi.com wrote:
We are using ppolicy to manage the password policy on our LDAP server. It at least checks the minimum length and the minimum amount of time needed before a person can change their password again, but is there a way to get it to check for upper case, lower case, numbers, etc? We need to force our users to make complex passwords.
pwdCheckModule
This attribute names a user-defined loadable module that must instanti- ate the check_password() function. This function will be called to further check a new password if pwdCheckQuality is set to one (1) or two (2), after all of the built-in password compliance checks have been passed. This function will be called according to this function proto- type: int check_password (char *pPasswd, char **ppErrStr, Entry *pEntry); The pPasswd parameter contains the clear-text user password, the ppErrStr parameter contains a double pointer that allows the function to return human-readable details about any error it encounters. The optional pEntry parameter, if non-NULL, carries a pointer to the entry whose password is being checked. If ppErrStr is NULL, then funcName must NOT attempt to use it/them. A return value of LDAP_SUCCESS from the called function indicates that the password is ok, any other value indicates that the password is unacceptable. If the password is unac- ceptable, the server will return an error to the client, and ppErrStr may be used to return a human-readable textual explanation of the error. The error string must be dynamically allocated as it will be free()'d by slapd.
( 1.3.6.1.4.1.4754.1.99.1 NAME 'pwdCheckModule' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
Note: The user-defined loadable module named by pwdCheckModule must be in slapd's standard executable search PATH.
Note: pwdCheckModule is a non-standard extension to the LDAP password policy proposal.
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration