On Mon, Oct 11, 2010 at 7:08 PM, Christian Manal < [email protected]> wrote:
> On 11.10.2010 15:25, Meghanand Acharekar wrote:
> > On Mon, Oct 11, 2010 at 6:42 PM, Christian Manal <
> > [email protected]> wrote:
> >
> >> On 11.10.2010 14:41, Meghanand Acharekar wrote:
> >>> Hi,
> >>>
> >>> I am using ppolicy overlay to enforce password policies.
> >>> Following is my ppolicy configuration/ldif.
> >>>
> >>> dn: cn=policies,dc=example,dc=com
> >>> objectClass: top
> >>> objectClass: device
> >>> objectClass: pwdPolicy
> >>> cn: policies
> >>> pwdAttribute: userPassword
> >>> pwdMaxAge: 7516800
> >>> pwdExpireWarning: 432000
> >>> pwdInHistory: 6
> >>> pwdCheckQuality: 1
> >>> pwdMinLength: 8
> >>> pwdMaxFailure: 4
> >>> pwdLockout: TRUE
> >>> pwdLockoutDuration: 1920
> >>> pwdGraceAuthNLimit: 0
> >>> pwdFailureCountInterval: 0
> >>> pwdMustChange: TRUE
> >>> pwdAllowUserChange: TRUE
> >>> pwdSafeModify: FALSE
> >>>
> >>> While changing the password on first login I got the following error.
> >>>
> >>> WARNING: Your password has expired.
> >>> You must change your password now and login again!
> >>> Changing password for user prasad.
> >>> Enter login(LDAP) password:
> >>> New UNIX password:
> >>> Retype new UNIX password:
> >>> LDAP password information update failed: Constraint violation
> >>> Password is too young to change
> >>> passwd: Permission denied
> >>> Connection to myhost closed.
> >>>
> >>> Thanks in advance
> >>> Meghanand N Acharekar.
> >>>
> >>
> >> Hi,
> >>
> >> When you set 'pwdCheckQuality: 1', you require a module to actually
> >> check the quality of the password. See slapo-ppolicy(5) and look at the
> >> pwdPolicyChecker/pwdCheckModule parts.
> >>
> >
> > Hello
> >
> > After setting pwdReset TRUE in user attribute, I'm getting another error.
> >
> > LDAP password information update failed: Constraint violation
> > Password fails quality checking policy
> > passwd: Permission denied
> > Connection to myhost closed.
> >
> > Is it mandatory to use this module if we want to enforce password policies?
> > Any idea?
> >
> >> Regards,
> >> Christian Manal
> >>
> >
>
> The 'Constraint violation' error means that the new password does not
> conform to the quality requirements, or in your case, the quality could
> not be verified at all. As I said, if you want to use
>
> pwdCheckQuality: 1
>
> you *need* a pwdCheckModule to run the password through, or you will
> always get a constraint violation.
>

Okies, if I use a simple password it prompts me as follows.

WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user test
Enter login(LDAP) password:
New UNIX password:
BAD PASSWORD: it does not contain enough DIFFERENT characters
New UNIX password:
BAD PASSWORD: it is based on a dictionary word
New UNIX password:
Retype new UNIX password:
LDAP password information update failed: Constraint violation
Password fails quality checking policy

By the way, I found the check_password.c file here:
https://ltb-project.org/svn/openldap-ppolicy-check-password/trunk/

I will compile it to generate the check_password.so file and update you.

> Regards,
> Christian Manal
>
