[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: password change and ppolicy

To: openldap-technical@openldap.org
Subject: Re: password change and ppolicy
From: Buchan Milne <bgmilne@staff.telkomsa.net>
Date: Wed, 17 Jun 2009 14:43:58 +0200
Cc: Gustavo Mendes de Carvalho <gmcarvalho@gmail.com>
In-reply-to: <000701c9eb6a$87db0b70$97912250$@com>
References: <mailman.9.1244721602.50105.openldap-technical@openldap.org> <000701c9eb6a$87db0b70$97912250$@com>
User-agent: KMail/1.11.2 (Linux/2.6.29.1-desktop-4mnb; KDE/4.2.2; x86_64; ; )

On Friday 12 June 2009 16:31:50 Gustavo Mendes de Carvalho wrote:
> Hi Tizo,
>
> Suposed that your users has to login in some linux/Unix machine using their
> LDAP accounts, I sugest you to create some binary or script to allow your
> users to change their passwords invoking ldappasswd command.
>
> I mean, you can create a C program or shell script or even a PHP page,

Since PHP doesn't support LDAP controls, PHP is a bad choice for this.

> to
> validate some weaks in their passwords, like min length, capital letters,
> numbers, and so on.

The best place to implement the password policy is on the LDAP server, since 
it is more flexible (multiple policies) and applies to all applications 
changing passwords.

I use the attached perl script as a CGI (to allow users to check and change 
their password).

Regards,
Buchan

Attachment: ldap-password.pl
Description: Perl program

References:
- Re: password change and ppolicy
  - From: "Gustavo Mendes de Carvalho" <gmcarvalho@gmail.com>

Prev by Date: Re: ppolicy and syncrepl aclaration
Next by Date: Re: ldap_bind: Invalid credentials (49)
Index(es):
- Chronological
- Thread