Symas OpenLDAP Knowledge Base

Password Complexity

Configure Password Complexity 2.5.13+

Create an LDIF that modifies the password policy entry in use. This example modifies the default password policy entry (cn=passwordDefault,ou=policies,dc=example,dc=com):

vi /tmp/pw_check.ldif

Add the following content:

dn: cn=passwordDefault,ou=policies,dc=example,dc=com
changetype: modify
replace: pwdCheckQuality
pwdCheckQuality: 2
-
add: objectclass
objectclass: pwdPolicyChecker
-
add: pwdcheckmodule
pwdcheckmodule: ppm.so

Apply the newly created LDIF to the database (if the entry already carries the pwdPolicyChecker object class, the "add: objectclass" change is rejected with "Type or value exists" and can be dropped from the LDIF):

ldapmodify -x -H ldap:/// -D cn=ldapadmin,dc=example,dc=com -f /tmp/pw_check.ldif -W

Create the password complexity parameters in a file, for example ppm.conf:

vi /tmp/ppm.conf

Enter the appropriate configuration into ppm.conf, for example:

minQuality 3
forbiddenChars .?,
maxLength 0
checkRDN 1
class-upperCase ABCDEFGHIJKLMNOPQRSTUVWXYZ 0 1
class-lowerCase abcdefghijklmnopqrstuvwxyz 0 1
class-digit 0123456789 0 1
class-special <>,?;.:/!§ù%*μ^¨$£²&é~"#'{([-|è`_\ç^à@)]°=}+ 0 1

Because of changes in the ppm.so module, ppm.conf itself is no longer read by the module. Its contents must instead be stored in the 'pwdCheckModuleArg' attribute of the policy entry; since the configuration spans several lines, it is base64 encoded for the LDIF.

Encode the data using the command line:

cd /tmp/

base64 ppm.conf > encoded_ppm.conf

cat encoded_ppm.conf

bWluUXVhbGl0eSAzCmZvcmJpZGRlbkNoYXJzIC4/LAptYXhMZW5ndGggMApjaGVja1JETiAxCmNs
YXNzLXVwcGVyQ2FzZSBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWiAwIDEKY2xhc3MtbG93ZXJD
YXNlIGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6IDAgMQpjbGFzcy1kaWdpdCAwMTIzNDU2Nzg5
IDAgMQpjbGFzcy1zcGVjaWFsIDw+LD87LjovIcKnw7klKs68XsKoJMKjwrImw6l+IiMneyhbLXzD
qGBfXMOnXsOgQCldwrA9fSsgMCAx

Copy the output (joined into a single line) and place it in an LDIF. The double colon after the attribute name tells ldapmodify that the value is base64 encoded, so the decoded ppm configuration is what gets stored in the entry:

vi /tmp/pwdcomplexity.ldif

dn: cn=passwordDefault,ou=policies,dc=example,dc=com
changetype: modify
replace: pwdCheckModuleArg
pwdCheckModuleArg:: bWluUXVhbGl0eSAzCmZvcmJpZGRlbkNoYXJzIC4/LAptYXhMZW5ndGggMApjaGVja1JETiAxCmNsYXNzLXVwcGVyQ2FzZSBBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWiAwIDEKY2xhc3MtbG93ZXJDYXNlIGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6IDAgMQpjbGFzcy1kaWdpdCAwMTIzNDU2Nzg5IDAgMQpjbGFzcy1zcGVjaWFsIDw+LD87LjovIcKnw7klKs68XsKoJMKjwrImw6l+IiMneyhbLXzDqGBfXMOnXsOgQCldwrA9fSsgMCAx

Apply the newly created LDIF to the database:

ldapmodify -x -H ldap:/// -D cn=ldapadmin,dc=example,dc=com -f /tmp/pwdcomplexity.ldif -W

Save the changes and restart the slapd service, using the command that matches your platform:

systemctl restart slapd, service slapd restart or service solserver restart
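To see what the ppm.conf parameters above actually enforce, and to produce the pwdCheckModuleArg value without a round trip through the base64 command, here is an added example (not ppm's own code, and not part of the original article). It parses the page's ppm.conf format, evaluates candidate passwords against the minQuality, forbiddenChars, maxLength and class-* rules (the checkRDN part is a simplified stand-in for ppm's own RDN check), and emits the base64 value for a "pwdCheckModuleArg::" LDIF line; the embedded configuration is a constructed copy of the page's, with the special-character class omitted.

```python
import base64
# Constructed copy of the page's ppm.conf (special-character class omitted).
PPM_CONF = """minQuality 3
forbiddenChars .?,
maxLength 0
checkRDN 1
class-upperCase ABCDEFGHIJKLMNOPQRSTUVWXYZ 0 1
class-lowerCase abcdefghijklmnopqrstuvwxyz 0 1
class-digit 0123456789 0 1
"""

def parse_ppm_conf(text):
    """Parse the ppm.conf parameters shown on this page into a dict."""
    conf = {"minQuality": 0, "forbiddenChars": "", "maxLength": 0,
            "checkRDN": 0, "classes": []}
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0].startswith("class-"):
            # class-<name> <characters> <min> <minForPoint>
            conf["classes"].append((parts[0][6:], parts[1], int(parts[2]), int(parts[3])))
        elif parts[0] == "forbiddenChars":
            conf["forbiddenChars"] = parts[1] if len(parts) > 1 else ""
        else:
            conf[parts[0]] = int(parts[1])
    return conf

def check_password(password, conf, rdn_value=""):
    """Return (ok, reason); the RDN test is a simplified stand-in for ppm's checkRDN."""
    if conf["maxLength"] and len(password) > conf["maxLength"]:
        return False, "password longer than maxLength"
    if any(c in conf["forbiddenChars"] for c in password):
        return False, "contains a forbidden character"
    if conf["checkRDN"] and rdn_value and rdn_value.lower() in password.lower():
        return False, "contains the entry's RDN"
    quality = 0  # one point per class whose count reaches its minForPoint
    for name, chars, minimum, min_for_point in conf["classes"]:
        count = sum(1 for c in password if c in chars)
        if count < minimum:
            return False, f"needs at least {minimum} {name} character(s)"
        if count >= min_for_point:
            quality += 1
    if quality < conf["minQuality"]:
        return False, f"quality {quality} below minQuality {conf['minQuality']}"
    return True, "ok"

def ldif_attr_value(text):
    """Single-line base64 value for a 'pwdCheckModuleArg::' LDIF line."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")
```

With the page's settings, "Abc1" earns three quality points and passes, while "abc" earns only one and is rejected.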