[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ppolicy pwdMinLenght, pwdAccountLockedTime and pwdLockoutDuration don't work as supposed

To: Theo Alves <supershow@gmail.com>
Subject: Re: ppolicy pwdMinLenght, pwdAccountLockedTime and pwdLockoutDuration don't work as supposed
From: Michael Ströder <michael@stroeder.com>
Date: Fri, 18 Mar 2011 15:03:18 +0100
Cc: openldap-technical@openldap.org
In-reply-to: <AANLkTin_f7x=YU61tjDX_qdp6BiXqXOyA3YY76SKJPA1@mail.gmail.com>
References: <AANLkTin_f7x=YU61tjDX_qdp6BiXqXOyA3YY76SKJPA1@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.17) Gecko/20110123 Lightning/1.0b1 SeaMonkey/2.0.12

Theo Alves wrote:
> [..] when an user access
> ldap by python the ppolicy pwdMinLenght doesn't work. The user can
> freely put a password too short. That doesn't happen when using passwd.
> Check out the python code snip:
> 
> import ldap
> dn = 'uid=%s,ou=People,dc=example,dc=com' % 'user1'
> con = ldap.initialize('ldapi:///')
> con.bind_s(dn, raw_input('Password: ')) #getting the present password
> con.passwd_s(dn, None, '1')
> 
>    The to default_ppolicy entry pwdMinLenght is setted to 5, even so the
> code above works to regular users and they can put passwords too short.

The code above does mainly what ldappasswd does: It sends Password Modify
extended operation request. Not sure what 'passwd' (via pam_ldap) does in your
case.

Ciao, Michael.

References:
- ppolicy pwdMinLenght, pwdAccountLockedTime and pwdLockoutDuration don't work as supposed
  - From: Theo Alves <supershow@gmail.com>

Prev by Date: Re: Understanding back_perl SampleLDAP.pm
Next by Date: Re: OpenLDAP migration from 2.3 to 2.4
Index(es):
- Chronological
- Thread