directory-users mailing list archives

From Sathya S <sathya.skr...@gmail.com>
Subject Password policy not kicking in
Date Tue, 13 May 2014 10:22:06 GMT
Hi,

I am trying to set up a password policy on my ApacheDS instance to enable a
minimum length check. I changed the minimum length from the default of 5 to 7.
This is my password policy LDIF:

dn: ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
objectClass: top
objectClass: ads-base
objectClass: ads-passwordPolicy
ads-pwdId: default
ads-pwdSafeModify: FALSE
ads-pwdMaxAge: 0
ads-pwdFailureCountInterval: 30
ads-pwdAttribute: userPassword
ads-pwdMaxFailure: 5
ads-pwdLockout: TRUE
ads-pwdMustChange: FALSE
ads-pwdLockoutDuration: 0
ads-pwdMinLength: 5
ads-pwdInHistory: 5
ads-pwdExpireWarning: 600
ads-pwdMinAge: 0
ads-pwdAllowUserChange: TRUE
ads-pwdGraceAuthNLimit: 5
ads-pwdCheckQuality: 1
ads-pwdMaxLength: 0
ads-pwdGraceExpire: 0
ads-pwdMinDelay: 0
ads-pwdMaxDelay: 0
ads-pwdMaxIdle: 0
ads-pwdValidator: org.apache.directory.server.core.api.authn.ppolicy.DefaultPasswordValidator
ads-enabled: TRUE

I then import a user into the server using Apache Directory Studio. Despite
the password not meeting the min length criteria, the user gets added
successfully:

#!RESULT OK
#!CONNECTION ldap://localhost:10389
#!DATE 2014-05-13T10:19:54.095
dn: uid=SHolmes,ou=people,dc=example,dc=com
changetype: add
mail: SHolmes@gmail.com
uid: SHolmes
userPassword: pass
givenname: Sherlock
description: SHolmes
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: top
sn: Holmes
cn: SHolmes

Could you please help me understand what I am doing wrong?

Thanks.
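
An offline pre-import check for the two LDIF files quoted in the message above, added here as an example; it is not code from the poster or from the ApacheDS project, and it does not reproduce or explain the server's behaviour. Assumptions: ads-pwdCheckQuality follows the pwdCheckQuality semantics of the LDAP password policy draft (0 = no check, 1 = check but accept values that cannot be checked, 2 = reject them), and ads-pwdMaxLength: 0 means no upper limit. The function names and the JWatson entry are hypothetical.

```python
import base64
import re

# Constructed samples: policy values and the first entry come from the post above;
# the second entry (JWatson) and its hash placeholder are made up.
POLICY_LDIF = """\
dn: ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,
 ou=interceptors,ads-directoryServiceId=default,ou=config
ads-pwdMinLength: 5
ads-pwdMaxLength: 0
ads-pwdCheckQuality: 1
"""
IMPORT_LDIF = """\
dn: uid=SHolmes,ou=people,dc=example,dc=com
changetype: add
userPassword: pass

dn: uid=JWatson,ou=people,dc=example,dc=com
changetype: add
userPassword: {SSHA}constructedPlaceholderHash
"""
HASHED = re.compile(r"^\{[A-Za-z0-9-]+\}")  # e.g. {SSHA}..., length not checkable

def parse_ldif(text):
    """Return one {attribute_lowercased: [values]} dict per LDIF entry."""
    text = re.sub(r"\r?\n ", "", text)      # unfold continuation lines
    entries, cur = [], {}
    for line in text.splitlines() + [""]:
        if not line.strip():                # blank line ends the entry
            if cur:
                entries.append(cur)
            cur = {}
        elif not line.startswith("#"):      # skip comments such as "#!RESULT OK"
            attr, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            cur.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def check_passwords(policy, entries):
    """List (dn, reason) for userPassword values the length rules would reject."""
    num = lambda name: int(policy.get(name, ["0"])[0])
    quality, lo, hi = num("ads-pwdcheckquality"), num("ads-pwdminlength"), num("ads-pwdmaxlength")
    findings = []
    for e in entries if quality else []:    # quality 0: no checking at all
        for pw in e.get("userpassword", []):
            if HASHED.match(pw):            # quality 1 accepts, quality 2 rejects
                if quality == 2:
                    findings.append((e["dn"][0], "hashed value, length cannot be checked"))
            elif len(pw) < lo or (hi and len(pw) > hi):
                findings.append((e["dn"][0], f"length {len(pw)} outside policy"))
    return findings
```

Calling `check_passwords(parse_ldif(POLICY_LDIF)[0], parse_ldif(IMPORT_LDIF))` flags the SHolmes entry before anything is sent to the server.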
