Re: pwcheck module for slapo-ppolicy

[Clément OUDOT <clem.oudot@gmail.com>]

2011/9/27 Lukas Grässlin <lukas.graesslin@collax.com>:
> Hi there,
>
> I wrote a new pwcheck module for the slapo-ppolicy overlay which is able to
> handle multiple different policies.
>
> My problem was:
>
> I have multiple password policies which are applied to different users.
> The policies differ in strength etc. The problem was that with the only
> pwcheck modul you can find on the net
> (https://ltb-project.org/svn/openldap-ppolicy-check-password/trunk/) you
> just define one 'policy-thing' which will be checked if check-password.so is
> run.
>
> I wanted to have something were you also can define multiple policies which
> also can differ, so I wrote my own module which reads two config files:
>
> $CONFDIR/ppolicies:
> There are the policies defined. Example:
>
> [Default]
> min_len     = 8
> min_digit   = 1
> min_lower   = 1
> min_special = 1
> min_upper   = 1
>
> $CONFDIR/users:
> These file holds the relation between users and policies:
>
> uid=lukas,ou=People,dc=example,dc=com : Default
>
> Well, it would have been nicer if that policy definition & co would also be
> stored in ldap, but the config-file-way was the faster one as it had to be
> finished quick.
>
> Whatever, maybe some of you could need this or improve it:
>
> http://dl.dropbox.com/u/32193848/pwcheck.tar.bz2
>
> You have to build it within ldap (like the old one). So put it there:
> $ldapsrcdir/contrib/slapd-modules


Hello Lukas,

nice improvement. I saw you rewrite all the thing, was there no
possibility to patch the LTB module? I would be happy if you
contribute it on the LDAP Tool Box project.


Clément.