directory-users mailing list archives

From Sathya S <sathya.skr...@gmail.com>
Subject Re: Password policy not kicking in
Date Tue, 13 May 2014 19:26:31 GMT
Thank you Kiran.

Is this a change that has been recently introduced? I actually downgraded
the server versions and found that this same configuration works fine till
2.0.0-M14 but is broken (or modified) in 2.0.0-M15.

Another question - what is the purpose of the ads-pwdValidator class? I
wanted to impose additional checks on the password (alphanumeric + special
characters) and as it didn't seem to be supported by ApacheDS, I thought
extending the validator class may be the right approach. But I find that
the class does not get called in at all. So curious to know the purpose of
the ads-pwdValidator class and when it gets called in.

Thanks.


On Tue, May 13, 2014 at 8:19 PM, Kiran Ayyagari <kayyagari@apache.org> wrote:

> The configuration is correct.
>
> Make sure that you are not adding this entry as an administrator; password
> policy is not enforced when an administrator adds or modifies a password.
>
>
> On Tue, May 13, 2014 at 3:52 PM, Sathya S <sathya.skr.75@gmail.com> wrote:
>
> > Hi,
> >
> > I am trying to set up a password policy on my ApacheDS instance to enable
> > minimum length check. I changed the minimum length from default of 5 to 7.
> > This is my password policy ldif:
> >
> > dn: ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
> > objectClass: top
> > objectClass: ads-base
> > objectClass: ads-passwordPolicy
> > ads-pwdId: default
> > ads-pwdSafeModify: FALSE
> > ads-pwdMaxAge: 0
> > ads-pwdFailureCountInterval: 30
> > ads-pwdAttribute: userPassword
> > ads-pwdMaxFailure: 5
> > ads-pwdLockout: TRUE
> > ads-pwdMustChange: FALSE
> > ads-pwdLockoutDuration: 0
> > ads-pwdMinLength: 5
> > ads-pwdInHistory: 5
> > ads-pwdExpireWarning: 600
> > ads-pwdMinAge: 0
> > ads-pwdAllowUserChange: TRUE
> > ads-pwdGraceAuthNLimit: 5
> > ads-pwdCheckQuality: 1
> > ads-pwdMaxLength: 0
> > ads-pwdGraceExpire: 0
> > ads-pwdMinDelay: 0
> > ads-pwdMaxDelay: 0
> > ads-pwdMaxIdle: 0
> > ads-pwdValidator: org.apache.directory.server.core.api.authn.ppolicy.DefaultPasswordValidator
> > ads-enabled: TRUE
> >
> > I then import a user into the server using Apache Directory Studio. Despite
> > the password not meeting the min length criteria, the user gets added
> > successfully:
> >
> > #!RESULT OK
> > #!CONNECTION ldap://localhost:10389
> > #!DATE 2014-05-13T10:19:54.095
> > dn: uid=SHolmes,ou=people,dc=example,dc=com
> > changetype: add
> > mail: SHolmes@gmail.com
> > uid: SHolmes
> > userPassword: pass
> > givenname: Sherlock
> > description: SHolmes
> > objectclass: person
> > objectclass: organizationalPerson
> > objectclass: inetOrgPerson
> > objectclass: top
> > sn: Holmes
> > cn: SHolmes
> >
> > Could you please help me in understanding what I am doing wrong?
> >
> > Thanks.
> >
>
>
>
> --
> Kiran Ayyagari
> http://keydap.com
>
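
Since the reply above says the password policy is not enforced for administrator binds, an LDIF file imported as admin can be checked against the policy's length limits before it is loaded. The following is an added example, not part of the thread and not ApacheDS code; the sample LDIF is constructed (minimum length 7, the value the poster says they set), and treating `ads-pwdMaxLength: 0` as "no limit" and `{`-prefixed values as stored hashes are assumptions.

```python
import base64

def parse_ldif(text):
    """Parse LDIF into a list of {lower-cased attribute: [values]} dicts."""
    entries = []
    for block in text.replace("\n ", "").split("\n\n"):  # unfold, then split entries
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue                                  # comments, e.g. "#!RESULT OK"
            name, _, rest = line.partition(":")
            value = rest.strip()
            if rest.startswith(":"):                      # "attr:: base64value"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.lower(), []).append(value)
        if entry:
            entries.append(entry)
    return entries

def check_import(policy_ldif, users_ldif):
    """Return (dn, reason) for each password the policy's length limits would reject."""
    policy = parse_ldif(policy_ldif)[0]
    attr = policy.get("ads-pwdattribute", ["userPassword"])[0].lower()
    min_len = int(policy.get("ads-pwdminlength", ["0"])[0])
    max_len = int(policy.get("ads-pwdmaxlength", ["0"])[0])  # assumption: 0 = no limit
    findings = []
    for entry in parse_ldif(users_ldif):
        dn = entry.get("dn", ["?"])[0]
        for pw in entry.get(attr, []):
            if pw.startswith("{"):        # assumption: "{SCHEME}..." is a stored hash
                findings.append((dn, "hashed value, length cannot be checked"))
            elif len(pw) < min_len:
                findings.append((dn, f"length {len(pw)} < ads-pwdMinLength {min_len}"))
            elif max_len and len(pw) > max_len:
                findings.append((dn, f"length {len(pw)} > ads-pwdMaxLength {max_len}"))
    return findings

# Constructed sample input modelled on the thread (minimum length 7, as the poster intended).
POLICY = """dn: ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,
 ou=interceptors,ads-directoryServiceId=default,ou=config
ads-pwdMinLength: 7
ads-pwdMaxLength: 0
"""
USERS = """dn: uid=SHolmes,ou=people,dc=example,dc=com
userPassword: pass

dn: uid=JWatson,ou=people,dc=example,dc=com
userPassword:: bG9uZ2VyLXBhc3N3b3Jk
"""
```

`check_import(POLICY, USERS)` returns one finding, for `uid=SHolmes`, whose four-character password is below the configured minimum.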
