directory-users mailing list archives

From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: Password policy not kicking in
Date Tue, 13 May 2014 14:49:32 GMT
The configuration is correct.

Make sure that you are not adding this entry as an administrator; password
policy is not enforced when an administrator adds or modifies a password.


On Tue, May 13, 2014 at 3:52 PM, Sathya S <sathya.skr.75@gmail.com> wrote:

> Hi,
>
> I am trying to set up a password policy on my ApacheDS instance to enable
> minimum length check. I changed the minimum length from default of 5 to 7.
> This is my password policy ldif:
>
> dn: ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
> objectClass: top
> objectClass: ads-base
> objectClass: ads-passwordPolicy
> ads-pwdId: default
> ads-pwdSafeModify: FALSE
> ads-pwdMaxAge: 0
> ads-pwdFailureCountInterval: 30
> ads-pwdAttribute: userPassword
> ads-pwdMaxFailure: 5
> ads-pwdLockout: TRUE
> ads-pwdMustChange: FALSE
> ads-pwdLockoutDuration: 0
> ads-pwdMinLength: 5
> ads-pwdInHistory: 5
> ads-pwdExpireWarning: 600
> ads-pwdMinAge: 0
> ads-pwdAllowUserChange: TRUE
> ads-pwdGraceAuthNLimit: 5
> ads-pwdCheckQuality: 1
> ads-pwdMaxLength: 0
> ads-pwdGraceExpire: 0
> ads-pwdMinDelay: 0
> ads-pwdMaxDelay: 0
> ads-pwdMaxIdle: 0
> ads-pwdValidator: org.apache.directory.server.core.api.authn.ppolicy.DefaultPasswordValidator
> ads-enabled: TRUE
>
> I then import a user into the server using Apache Directory Studio. Despite
> the password not meeting the min length criteria, the user gets added
> successfully:
>
> #!RESULT OK
> #!CONNECTION ldap://localhost:10389
> #!DATE 2014-05-13T10:19:54.095
> dn: uid=SHolmes,ou=people,dc=example,dc=com
> changetype: add
> mail: SHolmes@gmail.com
> uid: SHolmes
> userPassword: pass
> givenname: Sherlock
> description: SHolmes
> objectclass: person
> objectclass: organizationalPerson
> objectclass: inetOrgPerson
> objectclass: top
> sn: Holmes
> cn: SHolmes
>
> Could you please help me in understanding what I am doing wrong?
>
> Thanks.
>



-- 
Kiran Ayyagari
http://keydap.com
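
Added example (not part of the original messages and not ApacheDS code): a Python model of the behaviour described in the reply, which parses a policy entry like the one quoted above and predicts whether a password would be accepted for a given bind DN. Assumptions: `uid=admin,ou=system` is the administrator DN, the `uid=helpdesk,...` bind DN used in the test is hypothetical, the `ads-pwdCheckQuality` semantics follow the LDAP password policy draft, and a value starting with `{` is treated as already hashed.

```python
# Added example: a simplified model of the length checks, not ApacheDS code.
ADMIN_DN = "uid=admin,ou=system"  # assumption: ApacheDS default administrator DN

# Constructed excerpt of the policy entry quoted in the thread (dn folded per LDIF rules).
POLICY_LDIF = """\
dn: ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,
 ou=interceptors,ads-directoryServiceId=default,ou=config
ads-pwdMinLength: 5
ads-pwdMaxLength: 0
ads-pwdCheckQuality: 1
ads-enabled: TRUE
"""

def parse_ldif_entry(text):
    """Parse one LDIF entry into {attr_lower: [values]}, unfolding continuation lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # folded line: drop the single leading space
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def first(entry, attr, default):
    return entry.get(attr.lower(), [default])[0]

def predict_add(policy, bind_dn, password):
    """Return (accepted, reason) for setting `password` while bound as `bind_dn`."""
    if bind_dn.replace(" ", "").lower() == ADMIN_DN:
        return True, "administrator bind: policy not enforced"
    if first(policy, "ads-enabled", "TRUE").upper() != "TRUE":
        return True, "policy disabled"
    quality = int(first(policy, "ads-pwdCheckQuality", "0"))
    if quality == 0:
        return True, "quality checks off"
    if password.startswith("{"):          # hashed value: length cannot be checked
        return quality == 1, "hashed value, checkQuality=%d" % quality
    min_len = int(first(policy, "ads-pwdMinLength", "0"))
    max_len = int(first(policy, "ads-pwdMaxLength", "0"))  # 0 means no limit
    if min_len and len(password) < min_len:
        return False, "shorter than ads-pwdMinLength=%d" % min_len
    if max_len and len(password) > max_len:
        return False, "longer than ads-pwdMaxLength=%d" % max_len
    return True, "meets length policy"
```

Running the same add with an administrator bind and with a non-administrator bind shows the difference the reply points to.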
