Using Password Policy
The Password Policy Standard
Password Policy is still a draft LDAPv3 extension; the draft can be read here:
https://opends.dev.java.net/public/standards/draft-behera-ldap-password-policy.txt
(en). Some LDAP servers implement it, such as OpenLDAP with its ppolicy
overlay.
Prerequisites
Compliant LDAP server
Your LDAP server must provide the LDAP Password
Policy Control (OID: 1.3.6.1.4.1.42.2.27.8.5.1).
Documentation on how to set up ppolicy in OpenLDAP
can be found here:
http://www.linagora.org/article165.html
(fr).
Perl Net::LDAP module
The Net::LDAP::Control::PasswordPolicy module has been
available since Perl-LDAP 0.36. Please update your Perl installation if
you want to use Password Policy in LemonLDAP::NG:
http://ldap.perl.org/ (en).
Password Policy in LemonLDAP::NG
The Password Policy functionality has been available
since LemonLDAP::NG 0.9.1. It allows the portal page to display 2 new
error messages:
- Your account is locked
- Your password has expired
Other use cases are a work in progress.
To activate Password Policy, you have to set a
new parameter inside your portal Perl script (e.g. portal/index.pl), like:
#!/usr/bin/perl
use Lemonldap::NG::Portal::SharedConf;
my $portal = Lemonldap::NG::Portal::SharedConf->new(
    {
        configStorage => {
            type    => 'File',
            dirName => '/var/lib/config',
        },
        # Activate Password Policy
        ldapPpolicyControl => 1,
    }
);