diff --git a/README.md b/README.md index 6a2e8a8..5736e14 100644 --- a/README.md +++ b/README.md @@ -624,11 +624,13 @@ This two commands are a little convoluted but what they're doing is, using ldaps ### _Setup passwords complexity_ -There are different levels of password complexity that comes with the policies module in openLDAP: -0: No quality checking. Any password is accepted, regardless of complexity. -1: Evaluates the password against its built-in quality checks but does not reject weak passwords. If the password fails (e.g., too short or too simple), it logs a warning but allows the change to proceed. -2: OpenLDAP strictly enforces password quality, rejecting weak passwords with "Constraint violation" errors and messages like "Password fails quality checking policy". -Minimum Password quality checking: length check of at least 5–6 characters, reject identical characters like aaaaaa or 111111 +By default, the minimum password quality policy (pwdPolicyQuality) is: length check of at least 5–6 characters, reject identical characters like aaaaaa or 111111.\ +The pwdPolicyQuality can be changed, we will do so later, let's understand how is it enforced for now.\ +\ +There are different levels of password complexity that comes with the policies module in openLDAP:\ +0: No quality checking. Any password is accepted, regardless of complexity. (Default value)\ +1: Evaluates the password against its built-in quality checks but does not reject weak passwords. If the password fails (e.g., too short or too simple), it logs a warning but allows the change to proceed.\ +2: OpenLDAP strictly enforces password quality, rejecting weak passwords with "Constraint violation" errors and messages like "Password fails quality checking policy".\ Setting up passwords complexity level: ```