directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <elecha...@gmail.com>
Subject Re: Password policy
Date Fri, 29 Jan 2016 06:35:02 GMT
Le 29/01/16 02:26, akarypid@yahoo.gr a écrit :
> Hi,
> I'd like to enforce some rules for password values (such as use of at least 2 capitals,
1 number, 1 symbol, etc). Is it possible to do this with configuration in the server? I've
seen the password policy view in Apache Directory Studio but it doesn't have anything like
that.

No, it's not a policy you can enforce atm. That would require some
extension to the server.

> If it's not configurable out of the box, is there maybe an API that one could use to
write a custom "plugin" class that would be invoked whenever an attempt to change the userPassword
attribute's value is made?
You can replace the PasswordValidator hat is used by default. There is
an interface
(http://directory.apache.org/apacheds/gen-docs/2.0.0-M20/apidocs/org/apache/directory/server/core/api/authn/ppolicy/PasswordValidator.html)
that can be implemented (here is the code for the default impl :
http://directory.apache.org/apacheds/gen-docs/2.0.0-M20/xref/org/apache/directory/server/core/api/authn/ppolicy/DefaultPasswordValidator.html).

Once you have created your own validator, you have to modify the server
configuration to tell the server what class to use to run a custom
validator : feed the ads-pwdValidator attribute with your password
validator FQCN. The parameter is described on
http://directory.apache.org/apacheds/advanced-ug/2.1-config-description.html#password-policies




Mime
View raw message