[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ppolicy pwdMinLenght, pwdAccountLockedTime and pwdLockoutDuration don't work as supposed



Theo Alves wrote:
> [..] when an user access
> ldap by python the ppolicy pwdMinLenght doesn't work. The user can
> freely put a password too short. That doesn't happen when using passwd.
> Check out the python code snip:
> 
> import ldap
> dn = 'uid=%s,ou=People,dc=example,dc=com' % 'user1'
> con = ldap.initialize('ldapi:///')
> con.bind_s(dn, raw_input('Password: ')) #getting the present password
> con.passwd_s(dn, None, '1')
> 
>    The to default_ppolicy entry pwdMinLenght is setted to 5, even so the
> code above works to regular users and they can put passwords too short.

The code above does mainly what ldappasswd does: It sends Password Modify
extended operation request. Not sure what 'passwd' (via pam_ldap) does in your
case.

Ciao, Michael.