[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Password change problem after adding ppolicy



To help troubleshoot ppolicy issue, I set a client binding to provider
directly. So far my tests show following attributes work as expected:

pwdLockout
pwdLockoutDuration
pwdMinAge
pwdMaxAge
pwdGraceAuthnLimit
pwdAllowUserChange
pwdMaxFailure


Following does not work for some reason:

pwdInHistory                    ppolicy does not check whether an old
password exist in history or not; or maybe old password was not even
being saved

pwdCheckQuality           can only be set to 1 or disable it. This leads
me to believe password syntax check does not work on server. This is
confirmed with pwdMinLength failing to block password less than
                                             specified number of
characters. Does it take an external module for pwdCheckQuality to work?
or some built-in function with slapd supposed to take care of it?

pwdExpireWarning         does not send out warning message to user about
password expiration. What else is required to make this feature working?

pwdMinLength                 does not work.

pwdSafeModify               does not work if set to TRUE.  How should
one configure an client to send both existing and new password to provider?


Does anyone make above attributes working? Can you share your experience
if you do?

Simon

> 1. *Change pwdCheckQuality from default 2 to 1. Does this attribute
> require check_password module to work? 2.3.35 does not seem including
> this module. Where can I find it?
>
> 2. **Change pwdSafeModify from TRUE to FALSE. How to configure a
> consumer's chain overlay to send both existing and new password to
> provider at the same time?
>