diff --git a/README.md b/README.md index c30061a..ae301b3 100644 --- a/README.md +++ b/README.md @@ -630,7 +630,7 @@ The pwdPolicyQuality can be changed, we will do so later, let's understand how i There are different levels of password complexity that comes with the policies module in openLDAP:\ 0: No quality checking. Any password is accepted, regardless of complexity. (Default value)\ 1: Evaluates the password against its built-in quality checks but does not reject weak passwords. If the password fails (e.g., too short or too simple), it logs a warning but allows the change to proceed.\ -2: OpenLDAP strictly enforces password quality, rejecting weak passwords with "Constraint violation" errors and messages like "Password fails quality checking policy".\ +2: OpenLDAP strictly enforces password quality, rejecting weak passwords with "Constraint violation" errors and messages like "Password fails quality checking policy". Setting up passwords complexity level: ``` @@ -653,7 +653,7 @@ changetype: modify replace: pwdMinLength pwdMinLength: 10 ``` -The attribute pwdMinLength being the password minimum characters. +The attribute **pwdMinLength** being the password minimum characters. Now execute the update_policy_minlength.ldif file... ``` root@example:/# ldapmodify -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w 1234 -f update_policy_minlength.ldif 
@@ -689,7 +689,7 @@ Result: Constraint violation (19) We get again a "Constraint violation" error, the new password did not comply with the minimum requirements, this time the pwdMinLength being 10 as we defined in update_policy_minlength.ldif. \ -Note that getting a constraint violation while trying to change a password, **does not add a pwdFailureTime attribute entry to the user**, as if we would try to do something with the user, like changing some attribute, using the wrong original password. +Note that getting a constraint violation while trying to change a password, **does not add a pwdFailureTime attribute entry to the user**, as if we would try to do something with the user, like changing some attribute, using the wrong original password; e.g., getting these errors won't block the user. ## _Show Organizational Units, users, and attributes_
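Review bot: In the hunk at -630, dropping the trailing `\` from the "2:" line leaves the three levels formatted two different ways (items 0 and 1 still end in a hard-break backslash), and if no blank line precedes "Setting up passwords complexity level:" the two will now render as one paragraph. Consider turning the 0/1/2 levels into a proper Markdown list so no line depends on a trailing backslash. While touching this block, "password complexity that comes" should read "that come", and "passwords complexity level" should read "password complexity level".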
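Review bot: In the hunk at -653, the changed line is still a sentence fragment ("The attribute **pwdMinLength** being the password minimum characters."), and bold is used for an attribute name where inline code would match the LDIF above it. Suggest something like: "The `pwdMinLength` attribute sets the minimum number of characters a password must have." Separately, the context line below passes the admin bind password on the command line with `-w 1234`, which leaves it in shell history and the process list; since this README is meant to be copied, consider showing `-W` (prompt) or `-y` with a password file instead.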
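Review bot: In the hunk at -689, the added clause uses "e.g." where the meaning is "i.e." (or simply "so"): "getting these errors won't block the user" is the consequence of no pwdFailureTime being recorded, not an example of it. The sentence is also hard to follow as one run; "as if we would try to do something with the user" reads better as "as would happen if we tried to modify the user with the wrong original password". Suggest splitting into two sentences: one stating that a constraint violation on a password change does not add a pwdFailureTime entry, unlike a bind with a wrong password, and one stating that these errors therefore do not count toward blocking the user.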