Update README.md
This commit is contained in:
parent
d84f905b74
commit
0de1930697
@ -630,7 +630,7 @@ The pwdPolicyQuality can be changed, we will do so later, let's understand how i
|
|||||||
There are different levels of password complexity that comes with the policies module in openLDAP:\
|
There are different levels of password complexity that comes with the policies module in openLDAP:\
|
||||||
0: No quality checking. Any password is accepted, regardless of complexity. (Default value)\
|
0: No quality checking. Any password is accepted, regardless of complexity. (Default value)\
|
||||||
1: Evaluates the password against its built-in quality checks but does not reject weak passwords. If the password fails (e.g., too short or too simple), it logs a warning but allows the change to proceed.\
|
1: Evaluates the password against its built-in quality checks but does not reject weak passwords. If the password fails (e.g., too short or too simple), it logs a warning but allows the change to proceed.\
|
||||||
2: OpenLDAP strictly enforces password quality, rejecting weak passwords with "Constraint violation" errors and messages like "Password fails quality checking policy".\
|
2: OpenLDAP strictly enforces password quality, rejecting weak passwords with "Constraint violation" errors and messages like "Password fails quality checking policy".
|
||||||
|
|
||||||
Setting up passwords complexity level:
|
Setting up passwords complexity level:
|
||||||
```
|
```
|
||||||
@ -653,7 +653,7 @@ changetype: modify
|
|||||||
replace: pwdMinLength
|
replace: pwdMinLength
|
||||||
pwdMinLength: 10
|
pwdMinLength: 10
|
||||||
```
|
```
|
||||||
The attribute pwdMinLength being the password minimum characters.
|
The attribute **pwdMinLength** being the password minimum characters.
|
||||||
Now execute the update_policy_minlength.ldif file...
|
Now execute the update_policy_minlength.ldif file...
|
||||||
```
|
```
|
||||||
root@example:/# ldapmodify -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w 1234 -f update_policy_minlength.ldif
|
root@example:/# ldapmodify -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w 1234 -f update_policy_minlength.ldif
|
||||||
@ -689,7 +689,7 @@ Result: Constraint violation (19)
|
|||||||
We get again a "Constraint violation" error, the new password did not comply with the minimum requirements, this time the pwdMinLength being 10 as we defined in update_policy_minlength.ldif.
|
We get again a "Constraint violation" error, the new password did not comply with the minimum requirements, this time the pwdMinLength being 10 as we defined in update_policy_minlength.ldif.
|
||||||
|
|
||||||
\
|
\
|
||||||
Note that getting a constraint violation while trying to change a password, **does not add a pwdFailureTime attribute entry to the user**, as if we would try to do something with the user, like changing some attribute, using the wrong original password.
|
Note that getting a constraint violation while trying to change a password, **does not add a pwdFailureTime attribute entry to the user**, as if we would try to do something with the user, like changing some attribute, using the wrong original password; e.g., getting these errors won't block the user.
|
||||||
|
|
||||||
|
|
||||||
## _Show Organizational Units, users, and attributes_
|
## _Show Organizational Units, users, and attributes_
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user