[Date Prev][Date Next] [Chronological] [Thread] [Top]

[ldapext] ppolicy questions

Good day,

I have some questions regarding draft-behera-ldap-password-policy-08.txt.

1. Do you know if it has been standardized or updated yet?
2.In pwdCheckQuality, it says  it is still in TODO list.. Do you know how to enforce the minimum included characters like it must have Upper, lower, number, special characters without administrator intervention? Sure, I can use some random password generation tools to enforce these requirements but I'm thinking a lot of negative implications..

3. how does expiration warning shown to the user?? Let's say, I would do an ldapsearch in the commandline and do a simple bind... it didn't tell me if my password is about to expire even if I run it in verbose mode..

4. What if in pwdMustChange, the user did not change his password after initial bind or reset by administrator?? What will happen?? The attribute explanation doesn't say anything about this....

5. How to send old password when changing to a new password(pwdSafeModify)??
I've looked into ldapmodify and found nothing about this.
My file looks like this:

dn: uid=jayson,ou=people,o=example,dc=com
changetype: modify
replace: userPassword
userPassword: {SSHA}g/pfweYQQRtYFxVGwhn8xnCCEcY0rDTDQ

On ldapmodify operation, I got this error:
ldap_modify: Insufficient access (50)
        additional info: Must supply old password to be changed as well as new one



That's all for now, thanks!
-jay

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com 

_______________________________________________
Ldapext mailing list
Ldapext@ietf.org
https://www1.ietf.org/mailman/listinfo/ldapext