Hi.
There is a problem with setting the password policy in conjunction with SOGo +
LDAP. If it's important, SOGo is used on the mail server iRedMail.
1) In sogo.conf I made the following settings:

    SOGoUserSources = (
        {
            type = ldap;
            hostname = "ldap://127.0.0.1:389";
            baseDN = "o=domains,dc=mydomain,dc=com";
            //bindAsCurrentUser = YES;
            bindDN = "cn=vmailadmin,dc=mydomain,dc=com";
            bindPassword = "password";
            filter = "objectClass=mailUser AND accountStatus=active AND enabledService=mail";
            scope = SUB;
            userPasswordAlgorithm = ssha;
            passwordPolicy = YES;

            IDFieldName = mail;
            bindFields = (mail);
            //bindFields = (mail,uid);
            CNFieldName = cn;
            UIDFieldName = mail;
            IMAPLoginFieldName = mail;
            SearchFieldNames = (cn, sn, displayName, mail, shadowAddress);
            canAuthenticate = YES;
            displayName = "Global Address Book";
            id = ldap_auth;
            isAddressBook = YES;
        }
    );

2) In slapd.conf I added the following settings:

    include     /etc/ldap/schema/ppolicy.schema
    ......
    moduleload  ppolicy.la
    .......
    database    hdb
    ....
    overlay ppolicy
    ppolicy_default "cn=passwordPolicy,dc=mydomain,dc=com"


3) Add to LDAP base:

    dn: cn=passwordPolicy,dc=mydomain,dc=com
    objectClass: inetOrgPerson
    objectClass: pwdPolicy
    objectClass: pwdPolicyChecker
    cn: passwordPolicy
    sn: passwordPolicy
    pwdAttribute: userPassword
    pwdMinLength: 8

But the password policy is still not working.
Then for the user test1 I changed the Hash Method from SSHA to Plaintext.
After that, the password policy for test1 began to take effect.
How do I configure SOGo to use the SSHA Hash Method?

Best regards,
Maxim.
-- 
[email protected]
https://inverse.ca/sogo/lists
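
An added example, not part of the original post and not SOGo or OpenLDAP code: it shows why a minimum-length rule such as `pwdMinLength` cannot be evaluated on a value that reaches the directory already hashed as `{SSHA}`. The function names are hypothetical, and `min_length_decision` is a simplified model of the slapo-ppolicy `pwdCheckQuality` levels (0, 1, 2), under the assumption that the client sends the hash instead of the cleartext.

```python
import base64
import hashlib
import hmac
import os
import re


def ssha(password, salt=None):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def verify_ssha(password, stored):
    """Check a cleartext password against a stored {SSHA} value."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, rest is salt
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)


def is_prehashed(value):
    """True when the value carries a scheme prefix such as {SSHA} or {CRYPT}."""
    return re.match(r"^\{[A-Za-z0-9.\-]+\}", value) is not None


def min_length_decision(value, min_length, check_quality):
    """Simplified model (assumption) of a server-side minimum-length check.

    check_quality 0: no checking; 1: check, accept what cannot be checked;
    2: check, reject what cannot be checked.
    """
    if check_quality == 0:
        return "accepted (no check)"
    if is_prehashed(value):
        # The cleartext length is not recoverable from the hash.
        if check_quality == 1:
            return "accepted (unable to check)"
        return "rejected (unable to check)"
    return "accepted" if len(value) >= min_length else "rejected (too short)"


if __name__ == "__main__":
    # Constructed sample passwords: one shorter than 8 characters, one longer.
    for pw in ("abc", "a-much-longer-passphrase"):
        hashed = ssha(pw)
        print(pw, len(hashed), min_length_decision(pw, 8, 2),
              min_length_decision(hashed, 8, 1))
```

With a 4-byte salt every `{SSHA}` value is 38 characters long, so the stored string says nothing about how long the cleartext was.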