Thank you Kiran. Is this a change that has been recently introduced? I actually downgraded the server versions and found that this same configuration works fine till 2.0.0-M14 but is broken (or modified) in 2.0.0-M15.
Another question - what is the purpose of the ads-pwdValidator class? I wanted to impose additional checks on the password (alphanumeric + special characters) and as it didn't seem to be supported by ApacheDS, I thought extending the validator class may be the right approach. But I find that the class does not get called in at all. So curious to know the purpose of the ads-pwdValidator class and when it gets called in.

Thanks.

On Tue, May 13, 2014 at 8:19 PM, Kiran Ayyagari <[email protected]> wrote:

> The configuration is correct.
>
> Make sure that you are not adding this entry as an administrator, password
> policy is not enforced when an administrator adds or modifies a password
>
> On Tue, May 13, 2014 at 3:52 PM, Sathya S <[email protected]> wrote:
>
> > Hi,
> >
> > I am trying to set up a password policy on my ApacheDS instance to enable
> > minimum length check. I changed the minimum length from default of 5 to 7.
> > This is my password policy ldif:
> >
> > dn: ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
> > objectClass: top
> > objectClass: ads-base
> > objectClass: ads-passwordPolicy
> > ads-pwdId: default
> > ads-pwdSafeModify: FALSE
> > ads-pwdMaxAge: 0
> > ads-pwdFailureCountInterval: 30
> > ads-pwdAttribute: userPassword
> > ads-pwdMaxFailure: 5
> > ads-pwdLockout: TRUE
> > ads-pwdMustChange: FALSE
> > ads-pwdLockoutDuration: 0
> > ads-pwdMinLength: 5
> > ads-pwdInHistory: 5
> > ads-pwdExpireWarning: 600
> > ads-pwdMinAge: 0
> > ads-pwdAllowUserChange: TRUE
> > ads-pwdGraceAuthNLimit: 5
> > ads-pwdCheckQuality: 1
> > ads-pwdMaxLength: 0
> > ads-pwdGraceExpire: 0
> > ads-pwdMinDelay: 0
> > ads-pwdMaxDelay: 0
> > ads-pwdMaxIdle: 0
> > ads-pwdValidator: org.apache.directory.server.core.api.authn.ppolicy.DefaultPasswordValidator
> > ads-enabled: TRUE
> >
> > I then import a user into the server using Apache Directory Studio. Despite
> > the password not meeting the min length criteria, the user gets added
> > successfully:
> >
> > #!RESULT OK
> > #!CONNECTION ldap://localhost:10389
> > #!DATE 2014-05-13T10:19:54.095
> > dn: uid=SHolmes,ou=people,dc=example,dc=com
> > changetype: add
> > mail: [email protected] <[email protected]>
> > uid: SHolmes
> > userPassword: pass
> > givenname: Sherlock
> > description: SHolmes
> > objectclass: person
> > objectclass: organizationalPerson
> > objectclass: inetOrgPerson
> > objectclass: top
> > sn: Holmes
> > cn: SHolmes
> >
> > Could you pl help me in understanding what I am doing wrong?
> >
> > Thanks.
>
> --
> Kiran Ayyagari
> http://keydap.com
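
An added example, not part of the original thread and not ApacheDS code: a pre-import check that reads the length settings from the policy entry and applies them to the `userPassword` value of an add record, independent of which identity performs the bind. The `ads-pwdCheckQuality` handling (0 = no check, 1 = accept values that cannot be checked, 2 = reject them) is assumed from the LDAP password policy draft; `parse_ldif_entry`, `check_password` and `audit` are hypothetical names, and the LDIF strings are constructed from the entries quoted above.

```python
import base64
import re

# Constructed sample input: a subset of the policy entry and of the add record quoted in the thread.
POLICY_LDIF = """\
dn: ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,
 ou=interceptors,ads-directoryServiceId=default,ou=config
ads-pwdAttribute: userPassword
ads-pwdMinLength: 5
ads-pwdMaxLength: 0
ads-pwdCheckQuality: 1
"""
ADD_LDIF = """\
dn: uid=SHolmes,ou=people,dc=example,dc=com
changetype: add
userPassword: pass
"""

def parse_ldif_entry(text):
    """Parse one LDIF record into {lowercased attribute: [values]} (hypothetical helper)."""
    unfolded = re.sub(r"\n ", "", text.replace("\r\n", "\n"))  # a leading space continues the previous line
    entry = {}
    for name, sep, value in re.findall(r"^([^:#\n][^:\n]*)(::?) *(.*)$", unfolded, re.M):
        if sep == "::":  # "attr:: ..." carries a base64-encoded value
            value = base64.b64decode(value).decode("utf-8", "replace")
        entry.setdefault(name.lower(), []).append(value)
    return entry

def check_password(policy, value):
    """Return the length violations for one password value (hypothetical helper)."""
    keys = ("ads-pwdminlength", "ads-pwdmaxlength", "ads-pwdcheckquality")
    min_len, max_len, quality = (int(policy.get(k, ["0"])[0]) for k in keys)
    if quality == 0:  # assumption: 0 disables quality checking
        return []
    if re.match(r"\{[A-Za-z0-9-]+\}", value):  # already hashed, e.g. {SSHA}..., length unknown
        return ["hashed value cannot be checked"] if quality == 2 else []
    problems = []
    if min_len and len(value) < min_len:
        problems.append(f"length {len(value)} is below ads-pwdMinLength {min_len}")
    if max_len and len(value) > max_len:  # 0 means no upper limit
        problems.append(f"length {len(value)} is above ads-pwdMaxLength {max_len}")
    return problems

def audit(policy_ldif, record_ldif):
    """Check every password value in an add record against the policy entry."""
    policy, record = parse_ldif_entry(policy_ldif), parse_ldif_entry(record_ldif)
    attr = policy.get("ads-pwdattribute", ["userPassword"])[0].lower()
    return [(record["dn"][0], p) for v in record.get(attr, []) for p in check_password(policy, v)]
```

`audit(POLICY_LDIF, ADD_LDIF)` reports the 4-character `pass` value against the `ads-pwdMinLength: 5` that appears in the quoted policy entry.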
