Can I add pwdMaxlength attribute to OpenLDAP password policy (ppolicy)?
Issue
- Can I set a maximum password length in the password policy (ppolicy) configured in OpenLDAP?
- I have modified the ppolicy.schema schema and included the pwdMaxlength attribute to configure a maximum length for passwords, but it is not working as expected, i.e.:
* Copied the lines below into /etc/openldap/schema/ppolicy.schema
1] 5.2.7. pwdMaxLength
When quality checking is enabled, this attribute holds the maximum number of characters that may be used in a password. If this attribute is not present, no maximum password length will be enforced. If the server is unable to check the length (due to a hashed password or otherwise), the server will, depending on the value of the pwdCheckQuality attribute, either accept the password without checking it ('0' or '1') or refuse it ('2').
( 1.3.6.1.4.1.42.2.27.8.1.31
NAME 'pwdMaxLength'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
2] Then add pwdMaxLength after pwdMinLength
5.1. The pwdPolicy Object Class
This object class contains the attributes defining a password policy
in effect for a set of users. Section 10 describes the
administration of this object, and the relationship between it and
particular objects.
( 1.3.6.1.4.1.42.2.27.8.2.1
NAME 'pwdPolicy'
SUP top
AUXILIARY
MUST ( pwdAttribute )
MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $
pwdMinLength $ pwdMaxLength $ pwdExpireWarning $
pwdGraceAuthNLimit $ pwdGraceExpiry $ pwdLockout $
pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $
pwdMustChange $ pwdAllowUserChange $ pwdSafeModify $
pwdMinDelay $ pwdMaxDelay $ pwdMaxIdle ) )
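
The length rule quoted under 5.2.7 above, modelled as an added Python example; it is not part of the original article and is not the OpenLDAP ppolicy overlay's code. The function name check_length, the "{SCHEME}" prefix test for hashed values, and the sample policy are assumptions made for illustration.

```python
import re

# Assumption: a value that starts with "{SCHEME}" arrived pre-hashed, so the
# server cannot know how long the cleartext password is.
HASHED = re.compile(r"^\{[A-Za-z0-9-]+\}")


def check_length(value, policy):
    """Return (accepted, reason) for a candidate userPassword value.

    policy is a dict of pwdPolicy attributes; a missing key means "not set".
    """
    quality = int(policy.get("pwdCheckQuality", 0))
    if quality == 0:
        return True, "quality checking disabled"
    if HASHED.match(value):
        # Length cannot be checked: '1' accepts unchecked, '2' refuses.
        if quality == 2:
            return False, "cannot check hashed value"
        return True, "hashed value accepted unchecked"
    length = len(value)  # counts characters, not bytes
    min_len = policy.get("pwdMinLength")
    max_len = policy.get("pwdMaxLength")
    if min_len is not None and length < int(min_len):
        return False, "shorter than pwdMinLength"
    if max_len is not None and length > int(max_len):
        return False, "longer than pwdMaxLength"
    return True, "length within policy"


# Constructed sample policy and candidate values.
POLICY = {"pwdCheckQuality": 2, "pwdMinLength": 8, "pwdMaxLength": 16}
SAMPLES = ["short", "correct-horse", "x" * 17, "{SSHA}Zm9vYmFyYmF6cXV4"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), check_length(sample, POLICY))
```

With pwdCheckQuality set to 1 instead of 2, the pre-hashed sample is accepted without any length check, which is the case where a maximum length silently stops applying.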
Environment
- Red Hat Enterprise Linux 6
- OpenLDAP