https://bugs.openldap.org/show_bug.cgi?id=9740
--- Comment #8 from David Coutadeur <[email protected]> --- (In reply to Ondřej Kuzník from comment #5) > On Mon, Nov 08, 2021 at 02:51:43PM +0000, [email protected] wrote: > >> - you are not using pwdUseCheckModule - the module configured will not > >> actually be used even if dealing with plaintext passwords > > > > Yes, it seems working with this parameter set inside the default policy! > > > > I did'nt understand this parameter fully at first instance. > > > > This parameter is quite new, isn't it? (specific to 2.6 release?) IMO it is > > actually a big step in migration process. Maybe can you add this in the > > migration steps from 2.5 to 2.6. (it does not seem to be documented here for > > example: https://www.openldap.org/doc/admin26/guide.html#Migration) > > Yes and it has been documented in the upgrading section. How about these > changes to the admin guide: > https://git.openldap.org/openldap/openldap/-/merge_requests/440 > > >> That's already documented here: > >> https://git.openldap.org/openldap/openldap/-/blob/master/doc/man/man5/slapo-ppolicy.5#L645 > >> > >> Could you suggest any improvements to address whatever other confusion > >> you think exists? > > > > The extended module is described at multiple places in the manual. Maybe > > quote > > each time the minimum essential parameters implicated in the process? > > ie: > > - olcPPolicyCheckModule > > - pwdUseCheckModule > > - pwdCheckModuleArg > > The manpage is long enough even before we start duplicating things > unnecessarily. Trying to add in what you mention, I found everything was > already in the places I thought it was relevant and the links were > mostly there to link the concepts. The existence of this ITS suggests > you disagree, please suggest a different approach. > > Also note that it's up to the actual module whether pwdCheckModuleArg > is needed or not. As such we can only suggest what to do with it. > > > The first occurrence where it is missing is for example: > > > > ppolicy_check_module <path> > > Specify the path of a loadable module containing a > > check_password() function for additional password quality checks. The use of > > this module is described further below in the description of the > > pwdPolicyChecker > > objectclass. > > "The use of this module is described further below in the description of > the pwdPolicyChecker objectclass." > > Is there anything about this sentence that should be changed to make it > clearer after taking into account the change proposed in MR!441[0]. > > [0]. https://git.openldap.org/openldap/openldap/-/merge_requests/441 > > Thanks, Hi, Sorry for the late answer. I have read again the last version of slapo-ppolicy man page. Everything seems ok : each section is linked to each other. The attributes section (pwdUseCheckModule/pwdCheckModuleArg) defines all attributes at the same place and show how they work together. Thanks for the fix about the upgrade notes. Regards -- You are receiving this mail because: You are on the CC list for the issue.
