[Date Prev][Date Next]
Re: Tightening up ppolicy
--On Tuesday, May 01, 2012 4:20 PM -0700 "Kline, Sara" <SKline@tnsi.com>
We are using ppolicy to manage the password policy on our LDAP server. It
at least checks the minimum length and the minimum amount of time needed
before a person can change their password again, but is there a way to
get it to check for upper case, lower case, numbers, etc? We need to
force our users to make complex passwords.
This attribute names a user-defined loadable module that must
ate the check_password() function. This function will be called
further check a new password if pwdCheckQuality is set to one (1)
two (2), after all of the built-in password compliance checks have
passed. This function will be called according to this function
int check_password (char *pPasswd, char **ppErrStr, Entry *pEntry);
The pPasswd parameter contains the clear-text user password,
ppErrStr parameter contains a double pointer that allows the
to return human-readable details about any error it encounters.
optional pEntry parameter, if non-NULL, carries a pointer to the
whose password is being checked. If ppErrStr is NULL, then
must NOT attempt to use it/them. A return value of LDAP_SUCCESS
the called function indicates that the password is ok, any other
indicates that the password is unacceptable. If the password is
ceptable, the server will return an error to the client, and
may be used to return a human-readable textual explanation of
error. The error string must be dynamically allocated as it will
free()'d by slapd.
Note: The user-defined loadable module named by pwdCheckModule must
in slapd's standard executable search PATH.
Note: pwdCheckModule is a non-standard extension to the LDAP
Sr. Member of Technical Staff
A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration