The configuration is correct. Make sure that you are not adding this entry as an administrator, password policy is not enforced when an administrator adds or modifies a password
On Tue, May 13, 2014 at 3:52 PM, Sathya S <[email protected]> wrote: > Hi, > > I am trying to set up a password policy on my ApacheDS instance to enable > minimum length check. I changed the minimum length from default of 5 to 7. > This is my password policy ldif: > > *dn: > > ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config* > *objectClass: top* > *objectClass: ads-base* > *objectClass: ads-passwordPolicy* > *ads-pwdId: default* > *ads-pwdSafeModify: FALSE* > *ads-pwdMaxAge: 0* > *ads-pwdFailureCountInterval: 30* > *ads-pwdAttribute: userPassword* > *ads-pwdMaxFailure: 5* > *ads-pwdLockout: TRUE* > *ads-pwdMustChange: FALSE* > *ads-pwdLockoutDuration: 0* > *ads-pwdMinLength: 5* > *ads-pwdInHistory: 5* > *ads-pwdExpireWarning: 600* > *ads-pwdMinAge: 0* > *ads-pwdAllowUserChange: TRUE* > *ads-pwdGraceAuthNLimit: 5* > *ads-pwdCheckQuality: 1* > *ads-pwdMaxLength: 0 * > *ads-pwdGraceExpire: 0* > *ads-pwdMinDelay: 0* > *ads-pwdMaxDelay: 0* > *ads-pwdMaxIdle: 0* > *ads-pwdValidator: > > org.apache.directory.server.core.api.authn.ppolicy.DefaultPasswordValidator* > *ads-enabled: TRUE* > > I then import a user into the server using Apache Directory Studio. Despite > the password not meeting the min length criteria, the user gets added > successfully: > > *#!RESULT OK* > *#!CONNECTION ldap://localhost:10389* > *#!DATE 2014-05-13T10:19:54.095* > *dn: uid=SHolmes,ou=people,dc=example,dc=com* > *changetype: add* > *mail: [email protected] <[email protected]>* > *uid: SHolmes* > *userPassword: pass* > *givenname: Sherlock* > *description: SHolmes* > *objectclass: person* > *objectclass: organizationalPerson* > *objectclass: inetOrgPerson* > *objectclass: top* > *sn: Holmes* > *cn: SHolmes* > > Could you pl help me in understanding what I am doing wrong? > > Thanks. > -- Kiran Ayyagari http://keydap.com
