Results 1 to 3 of 3

Thread: LDAP : disable password quality check

  1. #1
    Join Date
    Jun 2008
    Location
    Italy
    Posts
    39

    Default LDAP : disable password quality check

    hi, i installed and LDAP domain into a school.

    Students and Teachers are supposed to change their password on first login, and i found the way to do that...

    i have one main problem, LDAP wont allow to use an easy password.
    10 years old kids can't and wont remember a long alphanumeric password.
    how can i do that? The only thing i want is to have is a 4 digits long password.

    here my steps:

    yast2 ldap-server --> databases --> dc=qsilocal,dc=org (hdb) --> Password Policy Configuration

    than i selected:

    Enable Password Policies
    Disclose "Account Locked" status
    Default Policy Object DN: cn=Default Policy (Append Base DN)

    than i seleced
    Edit Policy

    so continuing....

    Maximum Number of Passwords Stored in History = 0

    than i checked

    User Must Change Password After Reset
    User Can Change Password

    into "Password Quality Checking" i check "No Checking"

    if i go into "ldap-browser" i get:

    Code:
    Attribute │Value
    cn │Default Policy
    objectClass │namedObject,pwdPolicy
    pwdAttribute │userPassword
    pwdCheckQuality │0
    pwdExpireWarning │1296000
    pwdMaxAge │7776000
    pwdMinLength │4
    pwdMustChange │TRUE
    pwdSafeModify │FALSE
    pwdMinAge
    pwdInHistory
    pwdGraceAuthNLimit
    pwdLockout
    pwdLockoutDuration
    pwdMaxFailure
    pwdFailureCountInterval
    pwdAllowUserChange
    so.. what's wrong here?

  2. #2
    Join Date
    Oct 2008
    Location
    North Wales, UK
    Posts
    1,114

    Default Re: LDAP : disable password quality check

    Try modifying it using yast>network services>ldap client
    Go to the advanced>Admin>user management and choose userconfig.
    Just set the min and max lengths and it should work fine.
    Disable the Policy check for the ldap server settings.
    This should give you what you need.

  3. #3
    Join Date
    Jun 2008
    Location
    Italy
    Posts
    39

    Default Re: LDAP : disable password quality check

    Quote Originally Posted by whych View Post
    Try modifying it using yast>network services>ldap client
    Go to the advanced>Admin>user management and choose userconfig.
    Just set the min and max lengths and it should work fine.
    Disable the Policy check for the ldap server settings.
    This should give you what you need.
    i did , but it still want a strong password.

    i also tried to remove the default password policy, but doing that i'm no more able to reset the password and make the user able to choose his own one.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •