8:04 a.m.
I have a question regarding password rules that are enforced when a user changes their
password in OpenLDAP. We have a need to implement a dictionary rule whereby words and
phrases in a dictionary are not allowed in a users password. I am not able to see
currently where such functionality exists in OpenLDAP and am wondering if there are any
extensions to OPenLDAP that were developed to support this or if it would be required to
write code to support this feature?
Thanks,Alan
11:49 p.m.
New subject: Antw: [EXT] Question regarding password dictionary rule in OpenLDAP
>> Alan Andrea <alan_andrea(a)yahoo.com> schrieb am
27.01.2022 um 17:04 in Nachricht
<1969009486.3151222.1643299488383(a)mail.yahoo.com>:
I have a question regarding password rules that are enforced when a
user
changes their password in OpenLDAP. We have a need to implement a dictionary
rule whereby words and phrases in a dictionary are not allowed in a users
password. I am not able to see currently where such functionality exists in
OpenLDAP and am wondering if there are any extensions to OPenLDAP that were
developed to support this or if it would be required to write code to support
this feature?
AFAIK it would have to be done via password policy using a custom module (unless something
read for use exists already).
See pwdCheckQuality, pwdCheckModule
Regards,
Ulrich
Thanks,Alan
11:13 p.m.
New subject: Antw: [EXT] Question regarding password dictionary rule in OpenLDAP
>> "Ulrich Windl"
<Ulrich.Windl(a)rz.uni-regensburg.de> schrieb am 28.01.2022 um
08:49 in
Nachricht <61F3A01F020000A100047394(a)gwsmtp.uni-regensburg.de>:
>>> Alan Andrea <alan_andrea(a)yahoo.com> schrieb am
27.01.2022 um 17:04 in Nachricht
<1969009486.3151222.1643299488383(a)mail.yahoo.com>:
> I have a question regarding password rules that are enforced when a user
> changes their password in OpenLDAP. We have a need to implement a
dictionary
> rule whereby words and phrases in a dictionary are not allowed in a users
> password. I am not able to see currently where such functionality exists in
> OpenLDAP and am wondering if there are any extensions to OPenLDAP that were
> developed to support this or if it would be required to write code to
support
> this feature?
AFAIK it would have to be done via password policy using a custom module
(unless something read for use exists already).
I had meant to write "... ready for use ...".
See pwdCheckQuality, pwdCheckModule
Regards,
Ulrich
>
> Thanks,Alan
7:42 p.m.
--On Thursday, January 27, 2022 4:04 PM +0000 Alan Andrea
<alan_andrea(a)yahoo.com> wrote:
I have a question regarding password rules that are enforced when a user
changes their password in OpenLDAP. We have a need to implement a
dictionary rule whereby words and phrases in a dictionary are not allowed
in a users password. I am not able to see currently where such
functionality exists in OpenLDAP and am wondering if there are any
extensions to OPenLDAP that were developed to support this or if it would
be required to write code to support this feature?
OpenLDAP 2.5 and later ship with the contrib Password Policy Module that
allows a number of different polices to be enforced. One of the options
with it, if you read the man page, is to pass it a dictionary for use with
cracklib.
Regards,
Quanah
606
days inactive
611
days old
openldap-technical@openldap.org
3 comments
3 participants
participants (3)
-
Alan Andrea -
Quanah Gibson-Mount -
Ulrich Windl