If you are using ppm, you can take advantage of the checkRDN feature.
It will check if the password contains parts of the RDN.
However, you cannot check against one or multiple specific attributes,
like gecos, unless this attribute is chosen to be the RDN.
You can open an issue here, https://github.com/ltb-project/ppm/issues
and we will check if this feature could be interesting.
On 07/07/2021 at 22:01, kevin martin wrote:
Using ppolicy and a Default User Policy, along with ppm, I achieve the
ability to control password length, password history, and complexity
in as much as I can regulate that users must include numbers/special
characters/letters (upper and lower case). However, what I can't find
a way to add to this is to have the gecos field be checked against the
password being submitted during a change to verify that a user's userid
and/or first or last names aren't part of the password. Is this
possible in openldap?