On 29/01/16 02:26, [email protected] wrote:
> Hi,
> I'd like to enforce some rules for password values (such as use of at least 2
> capitals, 1 number, 1 symbol, etc). Is it possible to do this with
> configuration in the server? I've seen the password policy view in Apache
> Directory Studio but it doesn't have anything like that.

No, it's not a policy you can enforce atm. That would require some extension to the server.

> If it's not configurable out of the box, is there maybe an API that one could
> use to write a custom "plugin" class that would be invoked whenever an
> attempt to change the userPassword attribute's value is made?

You can replace the PasswordValidator that is used by default. There is an interface (http://directory.apache.org/apacheds/gen-docs/2.0.0-M20/apidocs/org/apache/directory/server/core/api/authn/ppolicy/PasswordValidator.html) that can be implemented (here is the code for the default impl: http://directory.apache.org/apacheds/gen-docs/2.0.0-M20/xref/org/apache/directory/server/core/api/authn/ppolicy/DefaultPasswordValidator.html).

Once you have created your own validator, you have to modify the server configuration to tell the server what class to use to run a custom validator: feed the ads-pwdValidator attribute with your password validator FQCN. The parameter is described on http://directory.apache.org/apacheds/advanced-ug/2.1-config-description.html#password-policies
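
One way to write such a validator for the rules asked about above, as an added example that is not part of the original message or of the ApacheDS code base. It assumes the 2.0.0-M20 interface method is `validate(String password, Entry entry) throws PasswordPolicyException` (check the linked Javadoc for your version); the package name, class name and thresholds are hypothetical.

```java
package com.example.ldap; // hypothetical package

import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.server.core.api.authn.ppolicy.PasswordPolicyException;
import org.apache.directory.server.core.api.authn.ppolicy.PasswordValidator;

/** Hypothetical validator: at least 2 capitals, 1 digit and 1 symbol. */
public class ComplexityPasswordValidator implements PasswordValidator
{
    // 5 = insufficientPasswordQuality in the LDAP password policy draft
    private static final int INSUFFICIENT_PASSWORD_QUALITY = 5;
    private static final int MIN_UPPER = 2;
    private static final int MIN_DIGITS = 1;
    private static final int MIN_SYMBOLS = 1;

    // Assumed signature of the interface method (see lead-in).
    public void validate( String password, Entry entry ) throws PasswordPolicyException
    {
        String problem = firstViolation( password );
        if ( problem != null )
        {
            // Reject the change; the message never echoes the password itself.
            throw new PasswordPolicyException( problem, INSUFFICIENT_PASSWORD_QUALITY );
        }
    }

    /** Returns a description of the first rule that fails, or null if all pass. */
    static String firstViolation( String password )
    {
        if ( password == null || password.isEmpty() )
        {
            return "Password must not be empty";
        }
        int upper = 0, digits = 0, symbols = 0;
        // Walk code points so characters outside the BMP are counted once.
        for ( int i = 0; i < password.length(); )
        {
            int cp = password.codePointAt( i );
            i += Character.charCount( cp );
            if ( Character.isUpperCase( cp ) ) { upper++; }
            else if ( Character.isDigit( cp ) ) { digits++; }
            else if ( !Character.isLetter( cp ) && !Character.isWhitespace( cp ) ) { symbols++; }
        }
        if ( upper < MIN_UPPER ) { return "Password needs at least " + MIN_UPPER + " capital letters"; }
        if ( digits < MIN_DIGITS ) { return "Password needs at least " + MIN_DIGITS + " digit"; }
        if ( symbols < MIN_SYMBOLS ) { return "Password needs at least " + MIN_SYMBOLS + " symbol"; }
        return null;
    }
}
```

With the class on the server's classpath, ads-pwdValidator would be set to `com.example.ldap.ComplexityPasswordValidator`. A validator can only inspect a password that arrives in clear text; a value the client has already hashed cannot be checked against these rules.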
