Re: OpenLDAP strong password enforcement

On Wed, 2005-12-14 at 08:33 -0600, Henderson, Ron wrote:
> Good morning all, 
> I am new to the list, and I am new to openldap. I am trying to use openldap as a user management tool to provide authentication to a distributed application. There are some here that really are pushing to use MS Active Directory, something I would like to avoid, however I need to enforce strong passwords. Is there any way to make openldap support the following password rules?
>        Password Generations, 
>        Restricted word list, 
>        Password composition rules (Upper, lower, digits, special, etc)  
>        Password change policies
>        Account enabled/disabled
>        Account locked out.
>        Failed login limit
>        Min password length
>        Max password length
>        Min Number char different from last
> Again I am sorry if my questions have been answered 100 times before. I tried to use the FAQ-A-Matic and did not find anything, and I am under a time crunch to get answers. Can any of you help me out?

Hi Ron,

You can use the password policy overlay to enforce password policy in
OpenLDAP. To enable it compile OpenLDAP with the option

slapo-ppolicy in OpenLDAP offers only some of the password control
mechanisms you are looking for:
	- password change policy
	- account locked out
	- failed login limit
	- min password length

Please look at the slapo-ppolicy manpage for more information:

For the other rules you would need to use third party software in
conjunction with OpenLDAP, e.g. P-Synch from M-Tech.

Hope this helps.
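
The four controls the reply lists map onto attributes of a pwdPolicy entry, shown here as an added example that is not part of the original message. The suffix dc=example,dc=com, the policy DN, the schema path and every numeric value are assumptions to adapt.

```ldif
# Constructed example. Assumes slapd.conf already contains:
#   include  /etc/openldap/schema/ppolicy.schema   (path is an assumption)
#   overlay  ppolicy
#   ppolicy_default "cn=default,ou=policies,dc=example,dc=com"

dn: ou=policies,dc=example,dc=com
objectClass: organizationalUnit
ou: policies

dn: cn=default,ou=policies,dc=example,dc=com
# pwdPolicy is an auxiliary class, so a structural class is needed too
objectClass: device
objectClass: pwdPolicy
cn: default
# Attribute the policy applies to (required)
pwdAttribute: userPassword
# --- min password length ---
# Enforced only when pwdCheckQuality is non-zero.
# 1 = check when possible, accept values the server cannot inspect
#     (for example pre-hashed passwords); 2 = reject those instead.
pwdMinLength: 12
pwdCheckQuality: 1
# --- failed login limit / account locked out ---
pwdLockout: TRUE
# Consecutive failed binds before the account is locked
pwdMaxFailure: 5
# Seconds after which old failures stop counting
pwdFailureCountInterval: 900
# Seconds the lock lasts; 0 means locked until an administrator resets it
pwdLockoutDuration: 1800
# --- password change policy ---
# Maximum password age in seconds (90 days)
pwdMaxAge: 7776000
# Minimum seconds between two changes by the user (1 day)
pwdMinAge: 86400
# Start warning this many seconds before expiry (14 days)
pwdExpireWarning: 1209600
# Force a change at first bind after an administrative reset
pwdMustChange: TRUE
pwdAllowUserChange: TRUE
```

Lockout and expiry state is kept by the overlay in operational attributes on each user entry, so an administrator can inspect it by requesting `+` in a search.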