Issue 7055 - pwcheck Module for slapo-ppolicy
Status: VERIFIED WONTFIX
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: slapd
Version: unspecified
Hardware: All All
Importance: --- normal
Target Milestone: ---
Assignee: OpenLDAP project
Reported: 2011-10-01 11:19 UTC by lukas.graesslin@collax.com
Modified: 2020-03-23 12:28 UTC
Description lukas.graesslin@collax.com 2011-10-01 11:19:38 UTC
Full_Name: Lukas Grässlin
Version: Latest Git
OS: Arch Linux
URL: http://dl.dropbox.com/u/32193848/src/0001-Added-pwcheck-module-for-the-slapo-ppolicy-overlay.patch
Submission from: (NULL) (88.67.244.45)


Hi there,

I wrote a new pwcheck module for the slapo-ppolicy overlay which is able to
handle multiple different policies.

My problem was:

I have multiple password policies which are applied to different users.
The policies differ in strength etc. The problem was that with the only pwcheck
module you can find on the net
(https://ltb-project.org/svn/openldap-ppolicy-check-password/trunk/) you just
define one 'policy-thing' which will be checked if check-password.so is run.

I wanted to have something where you can also define multiple policies which can
also differ, so I wrote my own module which reads two config files:

$CONFDIR/ppolicies:
The policies are defined there. Example:

[Default]
min_len     = 8
min_digit   = 1
min_lower   = 1
min_special = 1
min_upper   = 1

$CONFDIR/users:
This file holds the relation between users and policies:

uid=lukas,ou=People,dc=example,dc=com : Default

Well, it would have been nicer if that policy definition & co would also be
stored in LDAP, but the config-file-way was the faster one as it had to be
finished quickly.

Whatever, maybe some of you could need this or improve it.
Comment 1 OpenLDAP project 2017-04-12 20:50:43 UTC
patch provided?
Comment 2 Quanah Gibson-Mount 2017-04-12 20:50:43 UTC
changed notes
moved from Incoming to Software Enhancements
Comment 3 Quanah Gibson-Mount 2020-03-20 05:37:28 UTC
Sadly this patch was not uploaded to the OpenLDAP ftp server, and appears to be lost.  Perhaps the author, if still in existence, can find the patch and attach it to this bug.  If so, we will reopen it at that time.
Comment 4 Ondřej Kuzník 2020-03-23 12:28:27 UTC
Similar functionality is now present in 2.5 where an arbitrary octetString can be stored on a policy object's pwdCheckModuleArg attribute and is passed as an additional argument to check_password.

https://git.openldap.org/openldap/openldap/-/blob/f4bfb5e0a53f831c42567f136e630f47d1f33f45/servers/slapd/overlays/ppolicy.c#L381

This should remove the need to scatter extra data outside the database.
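
An added illustration, not part of the original comments and not OpenLDAP or module code: a stand-alone C sketch of how a check module could enforce per-policy limits taken from a string argument such as the one Comment 4 describes, using the key names from the [Default] example in the description. The "key=value;" encoding, the function names and the sample passwords are assumptions made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: [Default] keys from the description; encoding is assumed. */
static const char DEFAULT_ARG[] = "min_len=8;min_digit=1;min_lower=1;min_special=1;min_upper=1";

/* Value of key in arg; 0 when the key is absent or not a positive number. */
static long policy_get(const char *arg, const char *key)
{
    size_t klen = strlen(key);
    for (const char *p = arg; p && *p; ) {
        if (strncmp(p, key, klen) == 0 && p[klen] == '=') {
            long v = strtol(p + klen + 1, NULL, 10);
            return v > 0 ? v : 0;
        }
        if ((p = strchr(p, ';')) != NULL) p++;   /* skip to the next pair */
    }
    return 0;
}

/* Hypothetical helper: 0 if passwd meets the policy in arg, otherwise -1 with
 * *failed naming the unmet key. "Special" means not an ASCII digit or letter. */
int policy_check(const char *passwd, const char *arg, const char **failed)
{
    static const char *keys[5] = { "min_len", "min_digit", "min_lower", "min_special", "min_upper" };
    long have[5] = { 0 };
    *failed = "policy";
    if (!passwd || !arg || !*arg) return -1;   /* fail closed: no policy given */
    for (const unsigned char *c = (const unsigned char *)passwd; *c; c++) {
        have[0]++;
        if (isdigit(*c)) have[1]++;
        else if (islower(*c)) have[2]++;
        else if (isupper(*c)) have[4]++;
        else have[3]++;
    }
    for (int i = 0; i < 5; i++)
        if (have[i] < policy_get(arg, keys[i])) { *failed = keys[i]; return -1; }
    *failed = NULL;
    return 0;
}

int main(void)
{
    const char *why;
    printf("password1: %s\n", policy_check("password1", DEFAULT_ARG, &why) ? why : "ok");
    return 0;
}
```

Rejecting the password when the argument is missing or empty keeps a misconfigured policy object from silently disabling the quality check.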