Hello Clement,

18.02.2011 13:28, Clément OUDOT writes:
> Hello Konstantin,
>
> the rootdn bypasses password policy, so do not use rootdn in your
> ldappasswd command.

Indeed, when I used the same dn for authentication, password policy prevented the wrong action.

Thank you.

Sincerely,
Konstantin

>
> Clément.
>
> 2011/2/18, Konstantin Boyandin <[email protected]>:
>> Greetings,
>>
>> Given: OpenLDAP: 2.4.23, password policy module enabled, default
>> password policy loaded as
>>
>> dn: cn=default,ou=Policies,dc=example,dc=com
>> cn: default
>> objectClass: pwdPolicy
>> objectClass: person
>> objectClass: top
>> pwdAllowUserChange: TRUE
>> pwdAttribute: userPassword
>> pwdCheckQuality: 0
>> pwdExpireWarning: 600
>> pwdFailureCountInterval: 30
>> pwdGraceAuthNLimit: 5
>> pwdInHistory: 5
>> pwdLockout: TRUE
>> pwdLockoutDuration: 30
>> pwdMaxAge: 7776000
>> pwdMaxFailure: 5
>> pwdMinAge: 0
>> pwdMinLength: 5
>> pwdMustChange: FALSE
>> pwdSafeModify: FALSE
>> sn: dummy value
>>
>> Authentication is set via LDAP (.
>> The problem: when I try to set password via ldappasswd, using command
>> like this:
>>
>> ldappasswd -e ppolicy -W -x -D "cn=Manager,dc=example,dc=com" \
>> -H ldap://127.0.0.1/ -A -S "uid=testuser,ou=Users,dc=example,dc=com"
>>
>> it bypasses password policy settings - I can set the same password, can
>> set the previously used password. It doesn't matter whether I specify
>> '-e ppolicy' or not.
>>
>> However, when I try to change password with passwd (authentication is
>> set via LDAP, /etc/ldap.conf contains 'pam_password exop'):
>>
>> passwd testuser
>>
>> the password policy restrictions are in effect. I am not allowed to set
>> the same password, to set previous or similar password etc.
>>
>> Is it possible to make ldappasswd observe password policy restrictions?
>>
>> Thanks.
>> Sincerely,
>> Konstantin
>>
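
The resolution of this thread as a shell wrapper, added here as an example and not part of the original messages: it runs ldappasswd with the flags from the question but binds as the given DN, and refuses the rootdn because the rootdn bypasses password policy. ROOTDN and LDAP_URI reuse the values quoted in the thread; the function names are hypothetical.

```shell
# Added example (not from the thread). ROOTDN and LDAP_URI are assumptions
# copied from the quoted command; the function names are hypothetical.
ROOTDN="cn=Manager,dc=example,dc=com"
LDAP_URI="ldap://127.0.0.1/"

# Simplified DN comparison form: lower-case, no spaces around "," and "=",
# so "CN=Manager, DC=example,DC=com" still matches the rootdn.
# Escaped characters inside values are not handled.
normalize_dn() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' |
        sed -e 's/[[:space:]]*,[[:space:]]*/,/g' \
            -e 's/[[:space:]]*=[[:space:]]*/=/g' \
            -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
}

# Succeeds when the DN is the rootdn, which is exempt from ppolicy.
is_rootdn() {
    [ "$(normalize_dn "$1")" = "$(normalize_dn "$ROOTDN")" ]
}

# Returns 0 for a usable bind DN, 1 for the rootdn, 2 for a missing DN.
check_bind_dn() {
    if [ -z "$1" ]; then
        echo "usage: ppolicy_passwd BIND_DN [TARGET_DN]" >&2
        return 2
    fi
    if is_rootdn "$1"; then
        echo "refusing rootdn bind: password policy would be bypassed" >&2
        return 1
    fi
    return 0
}

# $1 = bind DN, $2 = entry whose password changes (default: the bind DN).
# ldappasswd prompts for the old, new and bind passwords (-A, -S, -W).
ppolicy_passwd() {
    check_bind_dn "$1" || return $?
    ldappasswd -e ppolicy -W -x -D "$1" -H "$LDAP_URI" -A -S "${2:-$1}"
}
```

Source the file and call `ppolicy_passwd "uid=testuser,ou=Users,dc=example,dc=com"`; history and reuse checks then apply as they do through passwd.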
