Return-Path: X-Original-To: apmail-directory-users-archive@www.apache.org Delivered-To: apmail-directory-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 7F7C5E7D0 for ; Wed, 28 Nov 2012 13:57:22 +0000 (UTC) Received: (qmail 69251 invoked by uid 500); 28 Nov 2012 13:57:19 -0000 Delivered-To: apmail-directory-users-archive@directory.apache.org Received: (qmail 68335 invoked by uid 500); 28 Nov 2012 13:57:16 -0000 Mailing-List: contact users-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@directory.apache.org Delivered-To: mailing list users@directory.apache.org Received: (qmail 68306 invoked by uid 99); 28 Nov 2012 13:57:15 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 28 Nov 2012 13:57:15 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of elecharny@gmail.com designates 209.85.217.178 as permitted sender) Received: from [209.85.217.178] (HELO mail-lb0-f178.google.com) (209.85.217.178) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 28 Nov 2012 13:57:08 +0000 Received: by mail-lb0-f178.google.com with SMTP id l5so12856343lbo.37 for ; Wed, 28 Nov 2012 05:56:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:reply-to:user-agent:mime-version:to:subject :references:in-reply-to:x-enigmail-version:content-type :content-transfer-encoding; bh=OxzoF9yjhr4BooUrDybPkSzMVqIulQSwM4jMg+zotM8=; b=l9ilfGyZPw12zYXwilJuLkk2CP8bDUKQXiqCj9jajWGclU3PDbHdDoJMJXw72HZDxQ APY/LIDlOJU7bez/LA4dXmDZ/vJlhzsKyVG/rRS6xRWMbpu1s4nkwk4w6phIBp5dRnGx he8ZcnXcF5UosSr0bywo3uKONkgNbVQQkMOX7PA7GCZk7LKWTFbPCym9kGVZwXHQnSGl 9533q0a3N7ZeNEAQ/EP1NyD14sMrYiTba/JH/3L7nqDfCs8AQnYYR1Ump09bNw5wrn9N v6aA2Bc4C5RB7cOdhd0ECkBNVxmDhdHkSE3eG74V88ws3s5H3AQQwqnwLjlXYqWUs9Mw B9dA== Received: by 10.112.84.168 with SMTP id a8mr2467097lbz.75.1354111006649; Wed, 28 Nov 2012 05:56:46 -0800 (PST) Received: from Emmanuels-MacBook-Pro.local (lon92-10-78-226-4-211.fbx.proxad.net. [78.226.4.211]) by mx.google.com with ESMTPS id pz9sm8118932lab.11.2012.11.28.05.56.45 (version=SSLv3 cipher=OTHER); Wed, 28 Nov 2012 05:56:46 -0800 (PST) Message-ID: <50B6181C.5030006@gmail.com> Date: Wed, 28 Nov 2012 14:56:44 +0100 From: =?UTF-8?B?RW1tYW51ZWwgTMOpY2hhcm55?= Reply-To: elecharny@apache.org User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:17.0) Gecko/17.0 Thunderbird/17.0 MIME-Version: 1.0 To: users@directory.apache.org Subject: Re: ApacheDS and password policy References: In-Reply-To: X-Enigmail-Version: 1.4.6 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Virus-Checked: Checked by ClamAV on apache.org Le 11/28/12 2:05 PM, Yevgen Ovchynnikov a écrit : > Hello, > > As I can see from your page http://directory.apache.org/apacheds/1.5/account-and-password-policy-management.html , password policy and password strength are in future development, am I correct? They are already available in 2.0.0-M8. > If yes, could you please provide any tools or recommends how to implement password strength with ApacheDS? It will be great to your community. The documentation is not yet ready, but for 2.0.0-M8, you have many parameters you can set to manage the passwordPolicy in the PasswordPolicies entry : ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config You have many possible parameters you can set. > For example: > > - Include at least one character from at least three of the following classes: lowercase letters, uppercase letters, numerals, punctuation (for example, #, |, $, % and spaces) > > - Are not found in common dictionaries, and are not well-known or predictable phrases > > - Do not resemble the name of the account holder Some of those checks are done through the DefaultPasswordValidator, but not all of them. We need to add some more validators. Hope it helps... -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com