[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL and Password Policy

To: Aleksander Dzierżanowski <olo@e-lista.pl>
Subject: Re: ACL and Password Policy
From: Clément OUDOT <clem.oudot@gmail.com>
Date: Tue, 26 Nov 2013 11:04:06 +0100
Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=lEtASsCTh0p1m7PnYaap/SR21uqfsey19qwYutAmKiI=; b=w1RmyeMMWxw4vOZZwKOE0HQetPYEiyctYZrl6JmN0M3DuEWGmcSecsikkn806Ju6fF +jjpdUvEdrEJoBpBZnJ5B3keWOtbMKApmiNDihedERUZPJ7D7hhNlKpmPS/Mxxf3S1ov Sw07nSvud9l54+pvtD0NgN/1kHoLip5t9ypWGu+uyEybSK87lfyDvS8hSGO0PX9tj6KR mN5DO9WHGya6/5cp7LUcjLBwtjTmo2d7cxIBrcHapRgQkX8sTE2Ss43GpRRWo3B+72Mi VawalDI5GMoVFBddAl2+o5wRbwhUoZ+igWFdTJ8lst/wAAD36VqvuzsrfRDpq3wDmz7k TugA==
In-reply-to: <40A120C2-E5F1-41C3-87B3-EB42FA69238C@e-lista.pl>
References: <AAE2F05D-6B9E-4DB1-B933-4DC94B88F371@e-lista.pl> <CABbu4yZ94UnRdtkHAcYXJj7E_jL5i-o08KSiUqCSvduLiyGRYw@mail.gmail.com> <39f64b3f.21704.142936ea609.Coremail.mahao_boy@163.com> <CAMpJgV3fmBRG3voBdnWvFQ5eTKzv1o1Hgqc1C3hWGQRw80T6zw@mail.gmail.com> <40A120C2-E5F1-41C3-87B3-EB42FA69238C@e-lista.pl>

2013/11/26 Aleksander DzierÅanowski <olo@e-lista.pl>:
> Thank you Esteban for your reply.
>
> I was missing pwdCheckQuality attribute in pwpolicy, which is mandatory to
> set - if not, length checks are not performed.
> Default value (if not set) for pwdCheckQuality in my opinion should be set
> to 1. Otherwise presence of pwdMinLength in policy can be confusing.
>


Set it to 2 if you want to reject SSHA passwords for which min length
can not be checked.


ClÃment.

References:
- ACL and Password Policy
  - From: Aleksander DzierÅanowski <olo@e-lista.pl>
- Re: ACL and Password Policy
  - From: Michael Proto <michael.proto@tstllc.net>
- Re:Re: ACL and Password Policy
  - From: mahao_boy <mahao_boy@163.com>
- Re: Re: ACL and Password Policy
  - From: Esteban Pereira <esteban.pereira@gepsit.fr>
- Re: ACL and Password Policy
  - From: Aleksander DzierÅanowski <olo@e-lista.pl>

Prev by Date: Re: ACL and Password Policy
Next by Date: Re: Openldap for proxy AD
Index(es):
- Chronological
- Thread