[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Help with password policy



Le 29 mars 2012 04:46, Gabriella Turek <Gabriella.Turek@niwa.co.nz> a écrit :
> Setup: OpenLDAP 2.4 SUSE SLES11, chaining (read only) to an AD directory
>
> I've set up a simple default pwd policy and configured it in slapd.conf:
>
> - Included the schema /etc/openldap/schema/ppolicy.schema
>
> - Under my db configuration added the entries
> overlay ppolicy
> ppolicy_default         "cn=default,ou=pwpolicies,dc=niwa,dc=local"
>
> - The policy is simply:
> dn: cn=default,ou=pwpolicies,dc=example,dc=com
> cn: default
> …..
> pwdMinLength: 8
> pwdAllowUserChange: TRUE
>
> But when I run tests with too short a password the password still gets
> changed. No error messages.

Hi,

this can happen if:
* your are changing the password as rootdn (rootdn bypass password policy)
* you are changing the password by giving the SSHA value, which is
bigger than 8 characters

Clément.