Hi,
I need to enforce the password quality check. I've set all the the requirement on the slapd.conf created default policies profile. Unfortunately, the pwdMinLength and pwdCheckQuality are not working. I also try to compile the cracklib with check_password.c and the Makefile. The instruction was not very clear. Does anyone have a procedure to install the check_password.so module? Please help me with this. See my below setting. I omitted all the other parts from slapd.conf..
slapd.conf file: ..... ..... include /usr/local/etc/openldap/schema/ppolicy.schema ..... overlay ppolicy ppolicy_default "cn=default,ou=policies,dc=example,dc=com" ppolicy_hash_cleartext ppolicy_use_lockout .....
# default, policies, arc.nasa.gov dn: cn=default,ou=policies,dc=example,dc=com cn: default objectClass: pwdPolicy objectClass: person objectClass: top objectClass: pwdPolicyChecker pwdAllowUserChange: TRUE pwdAttribute: userPassword pwdExpireWarning: 180 pwdFailureCountInterval: 30 pwdGraceAuthNLimit: 5 pwdInHistory: 24 pwdLockout: TRUE pwdLockoutDuration: 1800 pwdMaxAge: 15768000 pwdMaxFailure: 5 pwdMinAge: 0 pwdMinLength: 12 pwdMustChange: TRUE pwdSafeModify: FALSE sn: default policy pwdCheckModule: check_password.so pwdCheckQuality: 2
THANKS!!!
openldap-technical@openldap.org