[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Inquiry Regarding Force Change Password

To: openldap-software@openldap.org
Subject: Re: Inquiry Regarding Force Change Password
From: Buchan Milne <bgmilne@staff.telkomsa.net>
Date: Mon, 4 May 2009 15:12:01 +0200
Cc: Carlo Camerino <cmcamerino@gmail.com>
Content-disposition: inline
In-reply-to: <37cc2c090905021616v49bffb89y9fe8fae678c18bee@mail.gmail.com>
References: <37cc2c090905021616v49bffb89y9fe8fae678c18bee@mail.gmail.com>
User-agent: KMail/1.11.2 (Linux/2.6.29.1-desktop-4mnb; KDE/4.2.2; x86_64; ; )

On Sunday 03 May 2009 01:16:20 Carlo Camerino wrote:
> Hi Everyone,
>
> I'm new to openldap and was just wondering if OpenLDAP implements force
> change password policy?

Please see 'man slapo-ppolicy'.

> Does it expire the password of the user after a specified number of days?

It can. See above.

> Also can I specify a list of commonly used passwords so that users cannot
> use it?

Not out-the-box, but there is a module that can be used as a 'pwdCheckModule' 
that can do this, see http://open.calivia.com/projects/openldap . (This is 
shipped in some Linux distributions). If compiled with cracklib support, it 
will check the cracklib dictionaries (not strictly a "list of commonly used 
passwords").

Regards,
Buchan

References:
- Inquiry Regarding Force Change Password
  - From: Carlo Camerino <cmcamerino@gmail.com>

Prev by Date: Re: openldap2.4.16 and BDB4.7 not sync configured as provider/consumer
Next by Date: Re: sync problem
Index(es):
- Chronological
- Thread