Re: ppolicy not verifying password length (not active !!)

To: Rodrigo Coutinho <Rodrigo.Coutinho@ifap.pt>

Subject: Re: ppolicy not verifying password length (not active !!)

From: Clément OUDOT <clem.oudot@gmail.com>

Date: Wed, 5 Mar 2014 11:50:00 +0100

Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=s3t4V5rdgrqlWdHhlZJc7gSCXyPfZ+6pAZerSV3uttA=; b=AD6tV5XLaozrYar9axqus/nW1sPg3xkUrWsrIF4QBEZZq3RfZazsdbhhRRp95UU9bu f0yTIEpip9UhGsj7JO8zdc1AX6VaIiAVSB9grRjGQiEEo0uHhCq+y7/sIZMjO2Cdcy6R ssocPnoDrXSh+T/N0B9GwMx4rRRmP+3F0ES7Jq7sGQ+oy9ZaFUfSkMWwRZWlswi3r2px DI5YkHKQfGHh08wg/XSmIuaQTfKXpGaFTBR+eGjxNz2XUN170l+wPMmscJUqKn7HLdSS q9bcdDDM0nKj6cchw6xqH365IMPkZQASbFGHad15hqSqHfOUF02JvEgEY3M4ZsY72xwh Xgvg==

In-reply-to: <A4F542D25A8F5D4BA49A8F3BAEC8F07E05769631@singan07.inga.pt>

References: <A4F542D25A8F5D4BA49A8F3BAEC8F07E05769631@singan07.inga.pt>

2014-03-05 11:29 GMT+01:00 Rodrigo Coutinho <Rodrigo.Coutinho@ifap.pt>:

Hi,

I've installed the ppolicy overlay (static), included the shema, loaded the policy to the directory and define it as the default policy.

However, to check the policy I've changed a user's password, below the minimum length specified by the policy, and no error was issued.

I've used ldappasswd and Apache Directory Studio to change it and none issued no error. Although I did it with the root user, I suppose the policy

should issue an error just the same, because I was changing another user's password.

What am I missing, here ?

The root user is not affected by ppolicy. Change the password as user.

Clément.