okasion/ldapdock
2
1
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
Marisa 2025-10-07 16:07:07 -04:00
parent d84f905b74
commit 0de1930697
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -630,7 +630,7 @@ The pwdPolicyQuality can be changed, we will do so later, let's understand how i
There are different levels of password complexity that comes with the policies module in openLDAP:\
0: No quality checking. Any password is accepted, regardless of complexity. (Default value)\
1: Evaluates the password against its built-in quality checks but does not reject weak passwords. If the password fails (e.g., too short or too simple), it logs a warning but allows the change to proceed.\
2: OpenLDAP strictly enforces password quality, rejecting weak passwords with "Constraint violation" errors and messages like "Password fails quality checking policy".\
2: OpenLDAP strictly enforces password quality, rejecting weak passwords with "Constraint violation" errors and messages like "Password fails quality checking policy".
Setting up passwords complexity level:
```
@ -653,7 +653,7 @@ changetype: modify
replace: pwdMinLength
pwdMinLength: 10
```
The attribute pwdMinLength being the password minimum characters.
The attribute **pwdMinLength** being the password minimum characters.
Now execute the update_policy_minlength.ldif file...
```
root@example:/# ldapmodify -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w 1234 -f update_policy_minlength.ldif
@ -689,7 +689,7 @@ Result: Constraint violation (19)
We get again a "Constraint violation" error, the new password did not comply with the minimum requirements, this time the pwdMinLength being 10 as we defined in update_policy_minlength.ldif.
\
Note that getting a constraint violation while trying to change a password, **does not add a pwdFailureTime attribute entry to the user**, as if we would try to do something with the user, like changing some attribute, using the wrong original password.
Note that getting a constraint violation while trying to change a password, **does not add a pwdFailureTime attribute entry to the user**, as if we would try to do something with the user, like changing some attribute, using the wrong original password; e.g., getting these errors won't block the user.
## _Show Organizational Units, users, and attributes_