Hi, I am trying to set up a password policy on my ApacheDS instance to enable the minimum length check. I changed the minimum length from the default of 5 to 7. This is my password policy LDIF:

dn: ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
objectClass: top
objectClass: ads-base
objectClass: ads-passwordPolicy
ads-pwdId: default
ads-pwdSafeModify: FALSE
ads-pwdMaxAge: 0
ads-pwdFailureCountInterval: 30
ads-pwdAttribute: userPassword
ads-pwdMaxFailure: 5
ads-pwdLockout: TRUE
ads-pwdMustChange: FALSE
ads-pwdLockoutDuration: 0
ads-pwdMinLength: 5
ads-pwdInHistory: 5
ads-pwdExpireWarning: 600
ads-pwdMinAge: 0
ads-pwdAllowUserChange: TRUE
ads-pwdGraceAuthNLimit: 5
ads-pwdCheckQuality: 1
ads-pwdMaxLength: 0
ads-pwdGraceExpire: 0
ads-pwdMinDelay: 0
ads-pwdMaxDelay: 0
ads-pwdMaxIdle: 0
ads-pwdValidator: org.apache.directory.server.core.api.authn.ppolicy.DefaultPasswordValidator
ads-enabled: TRUE

I then import a user into the server using Apache Directory Studio. Despite the password not meeting the minimum length criteria, the user gets added successfully:

#!RESULT OK
#!CONNECTION ldap://localhost:10389
#!DATE 2014-05-13T10:19:54.095
dn: uid=SHolmes,ou=people,dc=example,dc=com
changetype: add
mail: [email protected]
uid: SHolmes
userPassword: pass
givenname: Sherlock
description: SHolmes
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: top
sn: Holmes
cn: SHolmes

Could you please help me understand what I am doing wrong? Thanks.
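
An added example, not part of the original post and not ApacheDS code: an offline pre-import check that reads a policy entry and a user entry like the ones quoted above and reports passwords outside the configured length bounds. It assumes the `ads-pwd*` attributes follow the usual LDAP password policy conventions (a length of 0 means no limit; check quality 0 disables checks, 1 accepts values that cannot be checked, 2 rejects them); the function names are hypothetical. It says nothing about why the server accepted the entry.

```python
import base64

# Constructed inputs, trimmed from the LDIF quoted in the post above.
POLICY_LDIF = """\
dn: ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,
 ou=interceptors,ads-directoryServiceId=default,ou=config
ads-pwdAttribute: userPassword
ads-pwdMinLength: 5
ads-pwdMaxLength: 0
ads-pwdCheckQuality: 1
"""
ENTRY_LDIF = """\
dn: uid=SHolmes,ou=people,dc=example,dc=com
changetype: add
userPassword: pass
"""

def parse_ldif_entry(text):
    """Parse one LDIF record into {lowercased attribute: [bytes values]}."""
    entry = {}
    # A line starting with one space continues the previous line (LDIF folding).
    for line in text.replace("\n ", "").splitlines():
        if not line or line.startswith("#") or ":" not in line:
            continue
        name, _, rest = line.partition(":")
        # "attr:: value" carries a base64-encoded value.
        value = base64.b64decode(rest[1:].strip()) if rest.startswith(":") else rest.strip().encode()
        entry.setdefault(name.lower(), []).append(value)
    return entry

def check_passwords(policy, entry):
    """Return findings for the policy's password attribute (assumed semantics)."""
    def num(attr):
        return int(policy.get(attr, [b"0"])[0])
    quality, lo, hi = num("ads-pwdcheckquality"), num("ads-pwdminlength"), num("ads-pwdmaxlength")
    attr = policy.get("ads-pwdattribute", [b"userPassword"])[0].decode().lower()
    findings = []
    for pw in entry.get(attr, []) if quality else []:
        if pw.startswith(b"{") and b"}" in pw:  # "{SSHA}..." style hash: length unknowable
            if quality == 2:
                findings.append(f"{attr}: hashed value cannot be checked")
            continue
        n = len(pw.decode("utf-8", "replace"))
        if lo and n < lo:
            findings.append(f"{attr}: length {n} is below ads-pwdMinLength {lo}")
        if hi and n > hi:
            findings.append(f"{attr}: length {n} is above ads-pwdMaxLength {hi}")
    return findings

if __name__ == "__main__":
    print(check_passwords(parse_ldif_entry(POLICY_LDIF), parse_ldif_entry(ENTRY_LDIF)))
```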
