As far as I understand, everybody with write access to the userPassword attribute can set this to any value.

In order to involve the ppolicy module you need to use extended ldapmodify functionality (ldappasswd, ldapmodify -E ppolicy or a properly configured passwd/PAM stack).

On 24.06.22 at 16:59, [email protected] wrote:
Hi,

I'm doing some testing on userPassword management actually with OpenLDAP 2.5.9.

I noticed that I could MOD a userPassword without checking quality if my admin role was "manage"

However, if I try to ADD a user with its attribute userPassword set, then quality is checked despite the role "manage".

ppolicy in both cases is the default one (policy subentry not set).

Is it normal behavior?

Regards,
