2013/2/27 Jonathan Disher <[email protected]>:
> I have an Ubuntu box running OpenLDAP 2.4.28 and the ppolicy overlay
> configured, and I'm trying to use check_password to validate password
> complexity. For some reason, it doesn't look like it is even getting
> executed. When I try to change my password to something that should be
> valid, I get this (I'm running slapd by hand in -d any mode):
>
> 512e5428 send_ldap_result: conn=1008 op=2 p=3
> 512e5428 send_ldap_result: err=19 matched="" text="Password fails quality checking policy"
> 512e5428 send_ldap_response: msgid=3 tag=103 err=19
>
> However, I get no logging from check_password.so anywhere, not in syslog,
> not to the console, even though I compiled it with -DDEBUG.
>
> My config file is:
>
> useCracklib 1
> minPoints 3
> minUpper 0
> minLower 0
> minDigit 0
> minPunct 0
>
> My password policy is:
>
> dn: cn=default,ou=policies,dc=bluekai,dc=com
> cn: default
> objectClass: device
> objectClass: pwdPolicy
> objectClass: pwdPolicyChecker
> objectClass: top
> pwdAllowUserChange: TRUE
> pwdAttribute: userPassword
> pwdCheckModule: check_password.so
> pwdCheckQuality: 2
> pwdMustChange: TRUE
> structuralObjectClass: device
> pwdSafeModify: FALSE
> pwdLockout: TRUE
> pwdLockoutDuration: 3600
> pwdMaxFailure: 5
> pwdFailureCountInterval: 600
> pwdMinLength: 8
>
> One of the passwords I tried to use, fwiw, is 'Pa55w0rd', which should be
> valid. I also tried to use a bunch of other, longer, more complicated
> passwords.
>
> Any ideas?

You should check if check_password.so is executable by the OpenLDAP user, and
check the module_path (or olcModulePath) OpenLDAP configuration parameter.

Clément.
_______________________________________________
ltb-users mailing list
[email protected]
http://lists.ltb-project.org/listinfo/ltb-users
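
One way to carry out the check suggested in the reply, as an added example that is not part of the original thread and is not LTB project code: it reports whether a given account can reach and read check_password.so under the configured module path. The function names are hypothetical, and only Unix mode bits are evaluated.

```python
import os

def can_access(st, uid, gids, want):
    """True if uid/gids hold all `want` bits (r=4, x=1) according to the mode bits."""
    if uid == 0:
        return True  # root bypasses mode-bit checks for read and directory search
    if st.st_uid == uid:
        granted = (st.st_mode >> 6) & 7   # owner class
    elif st.st_gid in gids:
        granted = (st.st_mode >> 3) & 7   # group class
    else:
        granted = st.st_mode & 7          # other class
    return granted & want == want

def module_load_problems(module_dir, module_name, uid, gids, root="/"):
    """List reasons the account could not open module_dir/module_name.

    Every directory from `root` down to module_dir needs search (x) permission
    and the module itself needs read (r). ACLs and other controls are not evaluated.
    """
    if not os.path.isdir(module_dir):
        return [f"module path {module_dir} is not a directory"]
    cur, root, dirs = os.path.realpath(module_dir), os.path.realpath(root), []
    while True:                            # collect module_dir and its parents
        dirs.append(cur)
        if cur == root or cur == os.path.dirname(cur):
            break
        cur = os.path.dirname(cur)
    problems = [f"no search permission on directory {d}"
                for d in reversed(dirs) if not can_access(os.stat(d), uid, gids, 1)]
    path = os.path.join(dirs[0], module_name)
    if not os.path.isfile(path):
        problems.append(f"{path} does not exist or is not a regular file")
    elif not can_access(os.stat(path), uid, gids, 4):
        problems.append(f"{path} is not readable")
    return problems

if __name__ == "__main__":
    import pwd, sys
    if len(sys.argv) != 3:
        sys.exit("usage: check_module.py MODULE_DIR SLAPD_ACCOUNT")
    pw = pwd.getpwnam(sys.argv[2])         # account slapd runs as (your value)
    gids = set(os.getgrouplist(pw.pw_name, pw.pw_gid))
    found = module_load_problems(sys.argv[1], "check_password.so", pw.pw_uid, gids)
    print("\n".join(found) or "no mode-bit problems found")
```

Pass the directory named by the module path setting in your slapd configuration and the account slapd runs as.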
