Using Password Policy

Documentation applicable for LemonLDAP::NG >= 0.9.1

The Password Policy Standard

Password Policy is still a draft of an LDAPv3 extension; it can be read here: https://opends.dev.java.net/public/standards/draft-behera-ldap-password-policy.txt (en). Some LDAP servers implement it, such as OpenLDAP with its ppolicy overlay.

Prerequisites

Compliant LDAP server

Your LDAP server must provide the LDAP Password Policy Control (OID: 1.3.6.1.4.1.42.2.27.8.5.1).

Documentation on how to set ppolicy in OpenLDAP can be found here: http://www.linagora.org/article165.html (fr).

Perl Net::LDAP module

Net::LDAP::Control::PasswordPolicy has been available since Perl-LDAP 0.36. However, some bugs were found in this module, so we advise using at least 0.39. Please update your Perl installation if you want to use Password Policy in LemonLDAP::NG: http://ldap.perl.org/ (en).
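
Both prerequisites above can be checked from the portal host before Password Policy is activated. The script below is an added example, not part of LemonLDAP::NG; the server URI is a placeholder and it assumes the root DSE can be read anonymously.

```perl
#!/usr/bin/perl
# Added example: verify the Perl-LDAP version and that the LDAP server
# advertises the Password Policy Control before enabling it in the portal.
use strict;
use warnings;
use Net::LDAP;

# OID of the LDAP Password Policy Control, as given in the prerequisites
use constant PPOLICY_OID => '1.3.6.1.4.1.42.2.27.8.5.1';

# Assumption: placeholder URI, pass your own server as first argument
my $uri = shift @ARGV || 'ldap://ldap.example.com';

# 1. Client side: Perl-LDAP >= 0.39 and the control module must load
my $client_ok = eval {
    Net::LDAP->VERSION('0.39');    # dies if the installed version is older
    require Net::LDAP::Control::PasswordPolicy;
    1;
} || 0;
printf "Perl-LDAP %s: %s\n", Net::LDAP->VERSION,
  $client_ok ? 'OK' : 'too old or incomplete, need >= 0.39';

# 2. Server side: the OID must be listed in supportedControl of the root DSE
my $ldap = Net::LDAP->new( $uri, timeout => 10 )
  or die "Cannot connect to $uri: $@\n";
my $dse = $ldap->root_dse( attrs => ['supportedControl'] )
  or die "Cannot read root DSE of $uri (anonymous read refused?)\n";
my $server_ok = $dse->supported_control(PPOLICY_OID) ? 1 : 0;
printf "Password Policy Control on %s: %s\n", $uri,
  $server_ok ? 'advertised' : 'NOT advertised';
$ldap->unbind;

# Exit status 0 only when both prerequisites are met
exit( $client_ok && $server_ok ? 0 : 1 );
```

If the control is reported as not advertised on OpenLDAP, check that the ppolicy overlay is loaded for the database before changing the portal configuration.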

Password Policy in LemonLDAP::NG

The Password Policy functionality is available since LemonLDAP::NG 0.9.1. It allows the portal page to display 2 new error messages:

Since LemonLDAP::NG 0.9.3, password policy is also used in the menu, with the password change form. It handles the following errors:

LemonLDAP::NG also notifies the user for:

To activate Password Policy, you have to set a new parameter inside your portal Perl script (e.g. portal/index.pl), like:

#!/usr/bin/perl

use Lemonldap::NG::Portal::SharedConf;

my $portal = Lemonldap::NG::Portal::SharedConf->new(
    {
        configStorage => {
            type    => 'File',
            dirName => '/var/lib/config',
        },
        # Activate Password Policy
        ldapPpolicyControl => 1,
    }
);