[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: password change and ppolicy

Hi Tizo,

Suposed that your users has to login in some linux/Unix machine using their
LDAP accounts, I sugest you to create some binary or script to allow your
users to change their passwords invoking ldappasswd command.

I mean, you can create a C program or shell script or even a PHP page, to
validate some weaks in their passwords, like min length, capital letters,
numbers, and so on.

After that, you can call ldappasswd command with all parameters (using
system() call in a C source code) to change it.
I know that this is not an elegant option, but it works.

Let me know if it works for you that I can post my C source code here to
help you there.

See you


Date: Wed, 10 Jun 2009 18:54:14 -0300
From: tizo <tizone@gmail.com>
Subject: Re: password change and ppolicy
To: openldap-technical@openldap.org
Content-Type: text/plain; charset="utf-8"

On Tue, Jun 9, 2009 at 12:12 PM, tizo <tizone@gmail.com> wrote:

> Before starting this, I have been testing password changing with
> phpLDAPAdmin. The fact is that I could only change a user password with
> clear text. I guess that this behaviour happens because we have
> pwdCheckQulity setting in 2 in our default password policy. So, when the
> client (phpLDAPAdmin) tries to modify the password enconding it, the
> (OpenLDAP) cannot check the min length of the password, as it is encoded,
> and then fails. I am guessing too, that phpLDAPAdmin is performing a
> modify operation to change the password, as it is stored in clear text. On
> the other hand, I could change passwords with ldappasswd withouth problem,
> and they are stored with SSHA. I know that this command uses RFC 3062.
> tizo