2013/4/10 D C <[email protected]>
> Fair enough. Now I'm updated
> $ rpm -qa |grep openldap
> openldap-ltb-2.4.35-1.el6.x86_64
> openldap-ltb-check-password-1.1-8.el6.x86_64
>
> I dumped and reimported my database, and tried again. I don't see any
> difference.
>
> TESTS:                       RESULT:
>
> pwdSafeModify: FALSE         PASS: Message: LDAP password information
> update failed: Insufficient access. Must supply old password to be
> changed as well as new one
> pwdAllowUserChange: FALSE    PASS: Message: LDAP password information
> update failed: Insufficient access. User alteration of password is not
> allowed
> pwdMaxAge: 300               Not Tested.
> pwdExpireWarning: 10         Not Tested.
> pwdInHistory: 3              FAIL: I can still flip between 2 passwords
> pwdMinLength: 12             FAIL: I can still set a 6 char password
> pwdMustChange:               FAIL: I am not forced to change passwd.
> pwdMaxFailure: 2             FAIL: Still allowed in after 3 failures
>
Several points:

* Do not use the rootdn account to test ppolicy (rootdn bypasses ppolicy)
* Do not hash the password before modifying it (a password in SSHA cannot be verified against the minimum size, for example)
* What client do you use to test?

Clément.
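To make the two failure causes in the reply above concrete, here is an added example (not OpenLDAP code, and not from either poster) that models, in simplified form, how the slapo-ppolicy overlay decides whether to accept a userPassword modification. The DNs, the policy values and the password samples are constructed for the demonstration; the {SSHA} helper follows OpenLDAP's layout (base64 of sha1(password || salt) || salt). The model shows that a bind as the rootdn skips the policy altogether, and that a value the client has already hashed cannot be measured against pwdMinLength or compared with the pwdHistory entries, so those checks appear to "fail" even when the policy is correctly attached.

```python
# Added example: simplified model of the ppolicy overlay's decision on a
# userPassword modify.  Not slapd code; behaviour is reduced to the three
# points raised in the thread (rootdn bypass, pre-hashed values, cleartext
# checks for pwdMinLength / pwdInHistory).
import base64
import hashlib
import os


def ssha_hash(password, salt=None):
    """Produce an OpenLDAP-style {SSHA} value: base64(sha1(pw || salt) || salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password, stored):
    """Check a cleartext password against a stored {SSHA} value."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hashlib.sha1(password.encode("utf-8") + salt).digest() == digest


def is_prehashed(value):
    """True when the client sent '{SCHEME}...' instead of a cleartext password."""
    return value.startswith("{") and "}" in value


def evaluate_password_change(bind_dn, new_value, policy, history, root_dn):
    """Return (verdict, reason) for a userPassword modification.

    policy  - dict of pwdPolicy attributes: pwdCheckQuality, pwdMinLength, pwdInHistory
    history - list of stored {SSHA} values taken from the entry's pwdHistory
    """
    # 1. The rootdn is never subject to the policy: tests run as rootdn prove nothing.
    if bind_dn.lower() == root_dn.lower():
        return ("accept", "rootdn bypasses ppolicy")

    quality = int(policy.get("pwdCheckQuality", 0))

    # 2. A pre-hashed value cannot be inspected.  pwdCheckQuality decides whether
    #    that is accepted (1) or rejected (2); 0 disables quality checking.
    if is_prehashed(new_value):
        if quality == 2:
            return ("reject", "pwdCheckQuality=2 rejects a password it cannot check")
        return ("accept", "pre-hashed value: pwdMinLength and pwdInHistory not checkable")

    # 3. Length is only enforced when quality checking is enabled (1 or 2).
    if quality >= 1 and len(new_value) < int(policy.get("pwdMinLength", 0)):
        return ("reject", "shorter than pwdMinLength")

    # 4. History: the cleartext is compared with the last pwdInHistory stored hashes.
    keep = int(policy.get("pwdInHistory", 0))
    recent = history[-keep:] if keep > 0 else []
    if any(ssha_verify(new_value, old) for old in recent):
        return ("reject", "password found in pwdHistory")

    return ("accept", "passes pwdMinLength and pwdInHistory")


# Constructed sample data (hypothetical DNs and values, not from the thread).
ROOT_DN = "cn=admin,dc=example,dc=com"
USER_DN = "uid=alice,ou=people,dc=example,dc=com"
POLICY = {"pwdCheckQuality": 1, "pwdMinLength": 12, "pwdInHistory": 3}


if __name__ == "__main__":
    history = [ssha_hash("OldPassword123!")]
    cases = [
        (ROOT_DN, "abc123"),                 # rootdn: accepted despite being short
        (USER_DN, "abc123"),                 # user, cleartext: rejected, too short
        (USER_DN, ssha_hash("abc123")),      # user, pre-hashed: length not checkable
        (USER_DN, "OldPassword123!"),        # user, reuse: rejected by history
        (USER_DN, "BrandNewPassword42"),     # user, fresh cleartext: accepted
    ]
    for who, value in cases:
        print(who.split(",")[0], value[:14], "->", evaluate_password_change(who, value, POLICY, history, ROOT_DN))
```

The practical reading: run the tests bound as the user's own DN, send the new password in cleartext and let slapd hash it (the ppolicy_hash_cleartext / password-hash settings take care of storage), and make sure pwdCheckQuality is 1 or 2, otherwise pwdMinLength is not consulted at all.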
