Re: pwdCheckQuality doesn't work

["Dieter Kluenter" <dieter@dkluenter.de>]

Zhang Weiwu <zhangweiwu@realss.com> writes:

> My checklist:
>
>    1. RTFM slapo-ppolicy: done, 3 times;
>    2. check openldap version: 2.4, newly installed on Gentoo Linux;
>    3. check ppolicy overlay successfully loaded and being used: must be,
>       because operational attribute like pwdFailureTime was maintained;
>    4. pwdAttribute setting: correct, value is "userPassword";
>    5. pwdCheckQuality: correct, value is 2 (server always check password
>       syntax);
>    6. pwdMinLength: correct, value is 6, server do not accept password
>       short than 6 character;
>    7. ppolicy_default: correctly set, because change pwdMaxFailure on
>       default entry does have effect;
>    8. the entry being operated doesn't have pwdPolicySubentry, so
>       default should be applied: correct;
>    9. slapd server was restarted after all above check;
>
> Test result: Still doesn't work:
>
> $ldappasswd -vD uid=admin,st=jiangxi,o=LGOP -x -w secret -s 13456 ou=ååå,st=jiangxi,o=LGOP
> ldap_initialize( <DEFAULT> )
> Result: Success (0)
>
> (expected not successful here because new password was too short)
>
> I am stuck here. Do I miss something on my checklist?

I presume that you changed userpassword as rootdn, bear in mind that
rootdn bypasses all restrictions.

-Dieter

-- 
Dieter KlÃnter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
53Â08'09,95"N
10Â08'02,42"E