Re: Tightening up ppolicy

--On Tuesday, May 01, 2012 4:20 PM -0700 "Kline, Sara" <SKline@tnsi.com> wrote:

We are using ppolicy to manage the password policy on our LDAP server. It
at least checks the minimum length and the minimum amount of time needed
before a person can change their password again, but is there a way to
get it to check for upper case, lower case, numbers, etc? We need to
force our users to make complex passwords.



This attribute names a user-defined loadable module that must instantiate the check_password() function. This function will be called to further check a new password if pwdCheckQuality is set to one (1) or two (2), after all of the built-in password compliance checks have been passed. This function will be called according to this function prototype:
	   int check_password (char *pPasswd, char **ppErrStr, Entry *pEntry);
The pPasswd parameter contains the clear-text user password, the ppErrStr parameter contains a double pointer that allows the function to return human-readable details about any error it encounters. The optional pEntry parameter, if non-NULL, carries a pointer to the entry whose password is being checked. If ppErrStr is NULL, then funcName must NOT attempt to use it/them. A return value of LDAP_SUCCESS from the called function indicates that the password is ok, any other value indicates that the password is unacceptable. If the password is unacceptable, the server will return an error to the client, and ppErrStr may be used to return a human-readable textual explanation of the error. The error string must be dynamically allocated as it will be free()'d by slapd.

	      NAME 'pwdCheckModule'
	      EQUALITY caseExactIA5Match

Note: The user-defined loadable module named by pwdCheckModule must be
      in slapd's standard executable search PATH.

Note: pwdCheckModule is a non-standard extension to the LDAP password
      policy proposal.
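
An added example, not part of the original message or of OpenLDAP: a minimal check_password() following the prototype quoted above, enforcing the upper-case, lower-case and digit requirement asked about. The Entry typedef and the LDAP_* defines are stand-ins (assumptions) so the file compiles on its own; a real module takes them from slapd's headers.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

typedef struct Entry Entry;            /* assumption: stand-in for slapd's Entry */
#ifndef LDAP_SUCCESS
#define LDAP_SUCCESS 0x00              /* assumption: normally from ldap.h */
#endif
#ifndef LDAP_CONSTRAINT_VIOLATION
#define LDAP_CONSTRAINT_VIOLATION 0x13 /* assumption: normally from ldap.h */
#endif

/* Return a rejection and, if the caller wants one, a heap-allocated
 * explanation. It must come from malloc() because slapd free()s it. */
static int reject(char **ppErrStr, const char *msg)
{
    if (ppErrStr != NULL) {
        size_t n = strlen(msg) + 1;
        char *copy = malloc(n);
        if (copy != NULL)
            memcpy(copy, msg, n);
        *ppErrStr = copy;              /* stays NULL if allocation failed */
    }
    return LDAP_CONSTRAINT_VIOLATION;  /* any non-success value rejects */
}

int check_password(char *pPasswd, char **ppErrStr, Entry *pEntry)
{
    const unsigned char *p;
    int upper = 0, lower = 0, digit = 0;

    (void)pEntry;                      /* optional entry pointer, unused here */
    if (ppErrStr != NULL)
        *ppErrStr = NULL;              /* never leave it uninitialised */
    if (pPasswd == NULL)
        return reject(ppErrStr, "no password supplied");

    /* Cast to unsigned char: the <ctype.h> functions require it. */
    for (p = (const unsigned char *)pPasswd; *p != '\0'; p++) {
        if (isupper(*p))      upper = 1;
        else if (islower(*p)) lower = 1;
        else if (isdigit(*p)) digit = 1;
    }
    if (!upper) return reject(ppErrStr, "password needs an upper-case letter");
    if (!lower) return reject(ppErrStr, "password needs a lower-case letter");
    if (!digit) return reject(ppErrStr, "password needs a digit");
    return LDAP_SUCCESS;
}
```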



