[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Tightening up ppolicy



On Tue, 1 May 2012, Kline, Sara wrote:

I am not a programmer. I am just starting to learn Perl, but am not much beyond Hello World. Does anyone have an example that I could work from? I have some very rudimentary programming skills in a few languages but I have not found any examples online thus far that look like what I need.

This project is licensed under the OpenLDAP Public License (so it's
hopefully compatible with your organization's philosophy if you're already
using slapd) and might be a starting point:

http://open.calivia.com/projects/openldap

blog entry with config file details:

http://www.calivia.com/blog/mike/openldap-check_password-password-policy-module



Another example is found in OpenLDAP ITS #6884.

I've used neither of these options and cannot vouch for (nor against) them in any way.

Thanks,
Sara Kline


-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@zimbra.com]
Sent: Tuesday, May 01, 2012 4:42 PM
To: Kline, Sara; openldap-technical@openldap.org
Subject: RE: Tightening up ppolicy

--On Tuesday, May 01, 2012 4:39 PM -0700 "Kline, Sara" <SKline@tnsi.com>
wrote:

I saw this in the ppolicy pages but was unsure of how to use it? I
understand that I can use pwdCheckModule and even how to turn it on,
but I am uncertain as to how to actually tell it that we want to have
for example, one upper case, one lower case and one numeral. Has
anybody done that?

You write a checking module, and in that module, you do the strength tests that you require.  As noted in the text from the man page.

--Quanah


--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

This e-mail message is for the sole use of the intended recipient(s)and may
contain confidential and privileged information of Transaction Network Services.
Any unauthorised review, use, disclosure or distribution is prohibited. If you
are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.