directory-users mailing list archives

From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: Password policy not kicking in
Date Tue, 13 May 2014 19:48:54 GMT
On Wed, May 14, 2014 at 12:56 AM, Sathya S <sathya.skr.75@gmail.com> wrote:

> Thank you Kiran.
>
> Is this a change that has been recently introduced? I actually downgraded
> the server versions and found that this same configuration works fine till
> 2.0.0-M14 but is broken (or modified) in 2.0.0-M15.
>

Yes, this was modified; earlier the policy was enforced for _all_ users,
which is not the correct thing (admins are gods, right ;)

> Another question - what is the purpose of the ads-pwdValidator class? I
> wanted to impose additional checks on the password (alphanumeric + special
> characters) and as it didn't seem to be supported by ApacheDS, I thought
> extending the validator class may be the right approach. But I find that
> the class does not get called in at all. So curious to know the purpose of
> the ads-pwdValidator class and when it gets called in.
>
Yes, this is created for the same purpose. Which version are you using?
Did you add the jar to the lib folder (or to the classpath, if you are running
the server using the apacheds.sh script)?

Provide us any error logs if present.

>
> Thanks.
>
>
> On Tue, May 13, 2014 at 8:19 PM, Kiran Ayyagari <kayyagari@apache.org> wrote:
>
> > The configuration is correct.
> >
> > Make sure that you are not adding this entry as an administrator; password
> > policy is not enforced when an administrator adds or modifies a password.
> >
> >
> > On Tue, May 13, 2014 at 3:52 PM, Sathya S <sathya.skr.75@gmail.com> wrote:
> >
> > > Hi,
> > >
> > > I am trying to set up a password policy on my ApacheDS instance to enable
> > > minimum length check. I changed the minimum length from default of 5 to 7.
> > > This is my password policy ldif:
> > >
> > > dn: ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
> > > objectClass: top
> > > objectClass: ads-base
> > > objectClass: ads-passwordPolicy
> > > ads-pwdId: default
> > > ads-pwdSafeModify: FALSE
> > > ads-pwdMaxAge: 0
> > > ads-pwdFailureCountInterval: 30
> > > ads-pwdAttribute: userPassword
> > > ads-pwdMaxFailure: 5
> > > ads-pwdLockout: TRUE
> > > ads-pwdMustChange: FALSE
> > > ads-pwdLockoutDuration: 0
> > > ads-pwdMinLength: 5
> > > ads-pwdInHistory: 5
> > > ads-pwdExpireWarning: 600
> > > ads-pwdMinAge: 0
> > > ads-pwdAllowUserChange: TRUE
> > > ads-pwdGraceAuthNLimit: 5
> > > ads-pwdCheckQuality: 1
> > > ads-pwdMaxLength: 0
> > > ads-pwdGraceExpire: 0
> > > ads-pwdMinDelay: 0
> > > ads-pwdMaxDelay: 0
> > > ads-pwdMaxIdle: 0
> > > ads-pwdValidator: org.apache.directory.server.core.api.authn.ppolicy.DefaultPasswordValidator
> > > ads-enabled: TRUE
> > >
> > > I then import a user into the server using Apache Directory Studio. Despite
> > > the password not meeting the min length criteria, the user gets added
> > > successfully:
> > >
> > > #!RESULT OK
> > > #!CONNECTION ldap://localhost:10389
> > > #!DATE 2014-05-13T10:19:54.095
> > > dn: uid=SHolmes,ou=people,dc=example,dc=com
> > > changetype: add
> > > mail: SHolmes@gmail.com
> > > uid: SHolmes
> > > userPassword: pass
> > > givenname: Sherlock
> > > description: SHolmes
> > > objectclass: person
> > > objectclass: organizationalPerson
> > > objectclass: inetOrgPerson
> > > objectclass: top
> > > sn: Holmes
> > > cn: SHolmes
> > >
> > > Could you please help me in understanding what I am doing wrong?
> > >
> > > Thanks.
> > >
> >
> >
> >
> > --
> > Kiran Ayyagari
> > http://keydap.com
> >
>



-- 
Kiran Ayyagari
http://keydap.com
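
Since the thread establishes that the password policy is not enforced when an administrator adds or modifies a password, an import done over an admin connection needs its own check. The script below is an added example, not part of the original thread and not ApacheDS code: it reads a policy entry and an import LDIF and reports passwords the configured length limits would reject. Both sample inputs are constructed from the entries quoted above, with the minimum length set to 7 as the poster intended and two extra hypothetical users.

```python
import base64

# Constructed sample input modelled on the thread (minimum length set to 7).
POLICY_LDIF = """\
dn: ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
ads-pwdAttribute: userPassword
ads-pwdMinLength: 7
ads-pwdMaxLength: 0
"""
IMPORT_LDIF = """\
dn: uid=SHolmes,ou=people,dc=example,dc=com
userPassword: pass

dn: uid=JWatson,ou=people,dc=example,dc=com
userPassword:: bG9uZy1lbm91Z2gtcHc=

dn: uid=MHudson,ou=people,dc=example,dc=com
userPassword: {SSHA}constructedPlaceholderHash
"""

def parse_ldif(text):
    """Minimal reader: blank-line separated records, 'attr: value' or 'attr:: base64'."""
    records = []
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, rest = line.partition(":")
            b64 = rest.startswith(":")  # '::' marks a base64-encoded value
            value = base64.b64decode(rest[1:]).decode("utf-8", "replace") if b64 else rest.strip()
            rec.setdefault(attr.strip().lower(), []).append(value)
        records.append(rec)
    return records

def audit(policy_ldif, import_ldif):
    """Return (dn, reason) for each password the length limits reject or cannot judge."""
    policy = parse_ldif(policy_ldif)[0]
    attr = policy["ads-pwdattribute"][0].lower()
    min_len, max_len = (int(policy[k][0]) for k in ("ads-pwdminlength", "ads-pwdmaxlength"))
    findings = []
    for rec in parse_ldif(import_ldif):
        for pw in rec.get(attr, []):
            if pw.startswith("{"):  # e.g. {SSHA}: a hash hides the original length
                findings.append((rec["dn"][0], "hashed value, length not checkable"))
            elif len(pw) < min_len:
                findings.append((rec["dn"][0], f"shorter than {min_len}"))
            elif max_len and len(pw) > max_len:  # max_len == 0 means no upper bound
                findings.append((rec["dn"][0], f"longer than {max_len}"))
    return findings
```

Calling `audit(POLICY_LDIF, IMPORT_LDIF)` flags the four-character password from the thread and the hashed value, and passes the base64-encoded one.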
