[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Password policy questions

To: openldap-technical@openldap.org
Subject: Re: Password policy questions
From: Buchan Milne <bgmilne@staff.telkomsa.net>
Date: Fri, 6 Jun 2008 16:00:36 +0200
Cc: Vincent Panel <yohonet@gmail.com>
Content-disposition: inline
In-reply-to: <15116fd10806060541i7ce185c5sb64c50e6580d34b2@mail.gmail.com>
References: <15116fd10806060541i7ce185c5sb64c50e6580d34b2@mail.gmail.com>
User-agent: KMail/1.9.7

On Friday 06 June 2008 14:41:42 Vincent Panel wrote:
> Hi list,
>
> I'd like to do something rather simple (at least to me) with password
> policy : * Ensure the userPassword is 6 characters long at least
> * Ensure there's at least onenumber
> * Ensure there's at least one uppercase character
>
> I found out my first condition can be set by using the pwdMinLength
> attribute and the ppolicy overlay, but what should I do for the other
> two ? If it implies using pwdCheckModule and writing a C function and
> plugging it into openldap then I find it  rather difficult for an ldap
> administrator just wanting to enforce policies...

http://www.openldap.org/lists/openldap-technical/200804/msg00170.html

> Is there any plan to make things easier, like having openldap
> providing 2 or 3 default C functions for this module ?

IMHO it would be worthwhile providing some modules by default.

> Finally, why is it taking so long for the IETF to approve the ppolicy
> draft published in 2001 ? Has the effort been abandonned ?

AFAIK there is a new draft ...

Regards,
Buchan

Follow-Ups:
- Re: Password policy questions
  - From: "Vincent Panel" <yohonet@gmail.com>

References:
- Password policy questions
  - From: "Vincent Panel" <yohonet@gmail.com>

Prev by Date: can syncrepl do this?
Next by Date: Trouble authenticating using OSX 10.4 and Openldap 2.4
Index(es):
- Chronological
- Thread