I have an Ubuntu box running OpenLDAP 2.4.28 and the ppolicy overlay configured, and I'm trying to use check_password to validate password complexity. For some reason, it doesn't look like it is even getting executed. When I try to change my password to something that should be valid, I get this (I'm running slapd by hand in –d any mode):
512e5428 send_ldap_result: conn=1008 op=2 p=3 512e5428 send_ldap_result: err=19 matched="" text="Password fails quality checking policy" 512e5428 send_ldap_response: msgid=3 tag=103 err=19 However, I get no logging from check_password.so anywhere, not in syslog, not to the console, even though I compiled it with –DDEBUG. My config file is: useCracklib 1 minPoints 3 minUpper 0 minLower 0 minDigit 0 minPunct 0 My password policy is: dn: cn=default,ou=policies,dc=bluekai,dc=com cn: default objectClass: device objectClass: pwdPolicy objectClass: pwdPolicyChecker objectClass: top pwdAllowUserChange: TRUE pwdAttribute: userPassword pwdCheckModule: check_password.so pwdCheckQuality: 2 pwdMustChange: TRUE structuralObjectClass: device pwdSafeModify: FALSE pwdLockout: TRUE pwdLockoutDuration: 3600 pwdMaxFailure: 5 pwdFailureCountInterval: 600 pwdMinLength: 8 One of the passwords I tried to use, fwiw, is 'Pa55w0rd', which should be valid. I also tried to use a bunch of other, longer, more complicated passwords. Any ideas? -j
_______________________________________________ ltb-users mailing list [email protected] http://lists.ltb-project.org/listinfo/ltb-users
