[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#7004) ppolicy pwdCheckQuality constraint prevents from changing userPassword, even if pwdPolicySubentry is removed in the same modify operation

To: openldap-its@OpenLDAP.org
Subject: (ITS#7004) ppolicy pwdCheckQuality constraint prevents from changing userPassword, even if pwdPolicySubentry is removed in the same modify operation
From: clem.oudot@gmail.com
Date: Wed, 27 Jul 2011 15:15:07 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Clément OUDOT
Version: 2.4.26
OS: GNU/Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (90.9.0.93)


I have a piece of code that does this singel modify operation on OpenLDAP:
* remove pwdPolicySubentry value
* replace userPassword value

My password policy has pwdCheckQuality set to 2 (strict checking). My new
userPassword value is {SASL}bob@example.com. But the modify operation failed
with:

conn=1058 op=100 RESULT tag=103 err=19 text=Password fails quality checking
policy


I was thinking than removing the pwdPolicySubentry was sufficient to disable all
ppolicy constraint on the userPassword replacement in the same modify operation.
Am I wrong or do I face a ppolicy overlay bug?

Prev by Date: (ITS#7003) Document typo
Next by Date: Re: (ITS#7004) ppolicy pwdCheckQuality constraint prevents from changing userPassword, even if pwdPolicySubentry is removed in the same modify operation
Index(es):
- Chronological
- Thread