I have a question regarding password rules that are enforced when a user changes their password in OpenLDAP. We have a need to implement a dictionary rule whereby words and phrases in a dictionary are not allowed in a user's password. I am not able to see currently where such functionality exists in OpenLDAP and am wondering if there are any extensions to OpenLDAP that were developed to support this or if it would be required to write code to support this feature?
Thanks, Alan
Alan Andrea alan_andrea@yahoo.com wrote on 27.01.2022 at 17:04 in message
1969009486.3151222.1643299488383@mail.yahoo.com:
I have a question regarding password rules that are enforced when a user changes their password in OpenLDAP. We have a need to implement a dictionary rule whereby words and phrases in a dictionary are not allowed in a user's password. I am not able to see currently where such functionality exists in OpenLDAP and am wondering if there are any extensions to OpenLDAP that were developed to support this or if it would be required to write code to support this feature?
AFAIK it would have to be done via password policy using a custom module (unless something read for use exists already). See pwdCheckQuality, pwdCheckModule
Regards, Ulrich
Thanks, Alan
"Ulrich Windl" Ulrich.Windl@rz.uni-regensburg.de wrote on 28.01.2022 at 08:49 in message
61F3A01F020000A100047394@gwsmtp.uni-regensburg.de:
Alan Andrea alan_andrea@yahoo.com wrote on 27.01.2022 at 17:04 in message
1969009486.3151222.1643299488383@mail.yahoo.com:
I have a question regarding password rules that are enforced when a user changes their password in OpenLDAP. We have a need to implement a dictionary rule whereby words and phrases in a dictionary are not allowed in a user's password. I am not able to see currently where such functionality exists in OpenLDAP and am wondering if there are any extensions to OpenLDAP that were developed to support this or if it would be required to write code to support this feature?
AFAIK it would have to be done via password policy using a custom module (unless something read for use exists already).
I had meant to write "... ready for use ...".
See pwdCheckQuality, pwdCheckModule
Regards, Ulrich
Thanks, Alan
--On Thursday, January 27, 2022 4:04 PM +0000 Alan Andrea alan_andrea@yahoo.com wrote:
I have a question regarding password rules that are enforced when a user changes their password in OpenLDAP. We have a need to implement a dictionary rule whereby words and phrases in a dictionary are not allowed in a user's password. I am not able to see currently where such functionality exists in OpenLDAP and am wondering if there are any extensions to OpenLDAP that were developed to support this or if it would be required to write code to support this feature?
OpenLDAP 2.5 and later ship with the contrib Password Policy Module that allows a number of different policies to be enforced. One of the options with it, if you read the man page, is to pass it a dictionary for use with cracklib.
Regards, Quanah
openldap-technical@openldap.org
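
As an added illustration of the custom-module route mentioned in the thread (not code from any poster or from the OpenLDAP project): the dictionary test such a module would perform, written as a standalone C function that also catches simple character substitutions. `dict_check_password`, the sample word list and the four-character minimum are assumptions; a real `pwdCheckModule` exports the entry point described in slapo-ppolicy(5) and is built against the slapd headers.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MIN_WORD_LEN 4 /* assumption: shorter words would reject nearly everything */
/* Constructed sample dictionary (lower-case); a real module would load a word list. */
static const char *const sample_dict[] = { "password", "dragon", "letmein", "cat" };
#define SAMPLE_DICT_LEN (sizeof(sample_dict) / sizeof(sample_dict[0]))

/* Lower-case the input and undo common substitutions (p4$$w0rd -> password). */
static void normalize(const char *in, char *out, size_t outlen)
{
    static const char from[] = "013457@$!";
    static const char to[]   = "oleastasi";
    size_t i;
    for (i = 0; in[i] != '\0' && i + 1 < outlen; i++) {
        const char *p = strchr(from, in[i]);
        out[i] = p ? to[p - from] : (char)tolower((unsigned char)in[i]);
    }
    out[i] = '\0';
}

/* Hypothetical helper: returns 0 if acceptable, -1 if rejected (reason in err). */
int dict_check_password(const char *passwd, const char *const *dict,
                        size_t ndict, char *err, size_t errlen)
{
    char norm[256];
    if (strlen(passwd) >= sizeof(norm)) {
        snprintf(err, errlen, "password too long to check");
        return -1; /* fail closed rather than check a truncated copy */
    }
    normalize(passwd, norm, sizeof(norm));
    for (size_t i = 0; i < ndict; i++) {
        if (strlen(dict[i]) >= MIN_WORD_LEN && strstr(norm, dict[i]) != NULL) {
            snprintf(err, errlen, "password contains a dictionary word");
            return -1;
        }
    }
    err[0] = '\0';
    return 0;
}

int main(void)
{
    char err[64];
    int rc = dict_check_password("P4$$w0rd2022", sample_dict, SAMPLE_DICT_LEN, err, sizeof(err));
    printf("rc=%d %s\n", rc, err);
    return 0;
}
```

The substring match is deliberately stricter than a whole-word comparison, which is why the minimum word length matters: without it the three-letter entry would reject any password containing "cat".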