[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: PPolicy error.



Am 11.10.2010 14:41, schrieb Meghanand Acharekar:
> Hi,
> 
> I am using ppolicy overlay to enforce password policies.
> Following is my ppolicy configuration/ldif.
> 
> dn: cn=policies,dc=example,dc=com
> objectClass: top
> objectClass: device
> objectClass: pwdPolicy
> cn: policies
> pwdAttribute: userPassword
> pwdMaxAge: 7516800
> pwdExpireWarning: 432000
> pwdInHistory: 6
> pwdCheckQuality: 1
> pwdMinLength: 8
> pwdMaxFailure: 4
> pwdLockout: TRUE
> pwdLockoutDuration: 1920
> pwdGraceAuthNLimit: 0
> pwdFailureCountInterval: 0
> pwdMustChange: TRUE
> pwdAllowUserChange: TRUE
> pwdSafeModify: FALSE
> 
> while changing password on first login I got following error.
> 
> WARNING: Your password has expired.
> You must change your password now and login again!
> Changing password for user prasad.
> Enter login(LDAP) password:
> New UNIX password:
> Retype new UNIX password:
> LDAP password information update failed: Constraint violation
> Password is too young to change
> passwd: Permission denied
> Connection to myhost closed.
> 
> Thanks in advance
> Meghanand N Acharekar.
> 


Hi,

when you set 'pwdCheckQuality: 1', you require a module to actually
check the quality of the password. See slapo-ppolicy(5) and look at the
pwdPolicyChecker/pwdCheckModule parts.


Regards,
Christian Manal