[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Re: ACL and Password Policy

To: Esteban Pereira <esteban.pereira@gepsit.fr>
Subject: Re: Re: ACL and Password Policy
From: Clément OUDOT <clem.oudot@gmail.com>
Date: Tue, 26 Nov 2013 10:31:18 +0100
Cc: mahao_boy <mahao_boy@163.com>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>, Michael Proto <michael.proto@tstllc.net>, Aleksander Dzierżanowski <olo@e-lista.pl>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=bm6x56GY9I5sn4Y7MSfiowadLQ6QMSbGcT7Lqfdp7Ms=; b=Inx6d2ejkmp5Wt1p8vXGFAcfP1GFt0V8w8bw3Atzo2q6QPxAixVyJS5BngMPlmZaKG 2WWCwCTBm//CXMzwXhEVvtZ6deNv4nUpUDcPkCiz4lu/w4xH2P5yVzgqS5PpfYhfI/Lc R0r2JrGH75rIdjahgEzpQLBrye6dwftq9wiAp1tH2Zf7OGTO374jQWdJXnfyJF4xLlET /RUZDbTPbajzZGsMUO6NddLXTi+siosJS2NDahwZh6zgRmUACXyQXJnxkeu9KVAqV9s+ wbZ8YHsnomzIIBeHZUf2KTmP49olFlGldXs4HLSmGWPrjXtYT3x7W+WeBdXqI+SIjL/k Q78A==
In-reply-to: <CAMpJgV3fmBRG3voBdnWvFQ5eTKzv1o1Hgqc1C3hWGQRw80T6zw@mail.gmail.com>
References: <AAE2F05D-6B9E-4DB1-B933-4DC94B88F371@e-lista.pl> <CABbu4yZ94UnRdtkHAcYXJj7E_jL5i-o08KSiUqCSvduLiyGRYw@mail.gmail.com> <39f64b3f.21704.142936ea609.Coremail.mahao_boy@163.com> <CAMpJgV3fmBRG3voBdnWvFQ5eTKzv1o1Hgqc1C3hWGQRw80T6zw@mail.gmail.com>

2013/11/26 Esteban Pereira <esteban.pereira@gepsit.fr>:
> For the first question, Michael already answer you
>
> For the second, could you give us more information, for example, how do you
> modify the password. I don't think so, but to remove any doubt, do you
> modify the password with a ldapmodify request on the userpassword? or with
> the extended operation to modify password which will follow the ppolicy
> constraints (which ldapmodify don't take into account)


Password policy works with ldapmodify and extended password
modification operation.

If the min length constraint does not work, it may be because you are
sending to LDAP the SSHA encoded value in modification. In this case,
the password policy overlay cannot check the size.

Other point, the password policy is bypassed by the rootdn. You have
to change the password with another account.

Clément.

References:
- ACL and Password Policy
  - From: Aleksander DzierÅanowski <olo@e-lista.pl>
- Re: ACL and Password Policy
  - From: Michael Proto <michael.proto@tstllc.net>
- Re:Re: ACL and Password Policy
  - From: mahao_boy <mahao_boy@163.com>
- Re: Re: ACL and Password Policy
  - From: Esteban Pereira <esteban.pereira@gepsit.fr>

Prev by Date: Re: Re: ACL and Password Policy
Next by Date: Re: ACL and Password Policy
Index(es):
- Chronological
- Thread