Am 11.10.2010 15:25, schrieb Meghanand Acharekar: > On Mon, Oct 11, 2010 at 6:42 PM, Christian Manal < > [email protected]> wrote: > >> Am 11.10.2010 14:41, schrieb Meghanand Acharekar: >>> Hi, >>> >>> I am using ppolicy overlay to enforce password policies. >>> Following is my ppolicy configuration/ldif. >>> >>> dn: cn=policies,dc=example,dc=com >>> objectClass: top >>> objectClass: device >>> objectClass: pwdPolicy >>> cn: policies >>> pwdAttribute: userPassword >>> pwdMaxAge: 7516800 >>> pwdExpireWarning: 432000 >>> pwdInHistory: 6 >>> pwdCheckQuality: 1 >>> pwdMinLength: 8 >>> pwdMaxFailure: 4 >>> pwdLockout: TRUE >>> pwdLockoutDuration: 1920 >>> pwdGraceAuthNLimit: 0 >>> pwdFailureCountInterval: 0 >>> pwdMustChange: TRUE >>> pwdAllowUserChange: TRUE >>> pwdSafeModify: FALSE >>> >>> while changing password on first login I got following error. >>> >>> WARNING: Your password has expired. >>> You must change your password now and login again! >>> Changing password for user prasad. >>> Enter login(LDAP) password: >>> New UNIX password: >>> Retype new UNIX password: >>> LDAP password information update failed: Constraint violation >>> Password is too young to change >>> passwd: Permission denied >>> Connection to myhost closed. >>> >>> Thanks in advance >>> Meghanand N Acharekar. >>> >> >> >> Hi, >> >> when you set 'pwdCheckQuality: 1', you require a module to actually >> check the quality of the password. See slapo-ppolicy(5) and look at the >> pwdPolicyChecker/pwdCheckModule parts. >> >> >> > Hello > > After setting pwdReset TRUE in user attribute, i'm getting another error. > > LDAP password information update failed: Constraint violation > Password fails quality checking policy > passwd: Permission denied > Connection to myhost closed. > > Is it mandatory to use this module if we want to enforce password policies. > Any idea. > > >> Regards, >> Christian Manal >> >
The 'Constraint violation' error means, that the new password does not conform to the quality requirements, or in your case, the quality could not be verified at all. As I said, if you want to use pwdCheckQuality: 1 you *need* a pwdCheckModule to run the password through, or you will always get a constraint violation. Regards, Christian Manal
