OpenLDAP Password Policy Module: the password policy overlay in OpenLDAP provides the option for calling an external module to check the passwords complexity requirements. We modified this custom module in order to implement Active Directory compatibility.
This open source OpenLDAP ppolicy module is available on GitHub : https://bitbucket.org/januadev/ppm. You can test it, use it and even upgrade it to suit your needs.
For more information, you can read about the pwdCheckModule attribute in slapo-ppolicy(5) – Linux man page :
pwdCheckModule
This attribute names a user-defined loadable module that must instantiate the check_password() function. This function will be called to further check a new password if pwdCheckQuality is set to one (1) or two (2), after all of the built-in password compliance checks have been passed. This function will be called according to this function prototype:
int check_password (char *pPasswd, char **ppErrStr, Entry *pEntry);
The pPasswd parameter contains the clear-text user password, the ppErrStr parameter contains a double pointer that allows the function to return human-readable details about any error it encounters. The optional pEntry parameter, if non-NULL, carries a pointer to the entry whose password is being checked. If ppErrStr is NULL, then funcName must NOT attempt to use it/them. A return value of LDAP_SUCCESS from the called function indicates that the password is ok, any other value indicates that the password is unacceptable. If the password is unacceptable, the server will return an error to the client, and ppErrStr may be used to return a human-readable textual explanation of the error. The error string must be dynamically allocated as it will be free()'d by slapd.
( 1.3.6.1.4.1.4754.1.99.1 NAME 'pwdCheckModule' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
Note: The user-defined loadable module named by pwdCheckModule must be in slapd's standard executable search PATH.
Note: pwdCheckModule is a non-standard extension to the LDAP password policy proposal.
Specialised in IAM (security, access control, identity management) and Open Source integration, settled in 2004 by IAM industry veteran, JANUA offers high value-added products and services to businesses and governements with a concern for Identity Management and Open Source components.
JANUA provides better security, build relationships, and enable new cloud, mobile, and IoT offerings from any device or connected thing.
JANUA provides better security, build relationships, and enable new cloud, mobile, and IoT offerings from any device or connected thing.
Les derniers articles par janua (tout voir)
- New Keycloak online training - 19 janvier 2022
- Sizing Keycloak or Redhat SSO projects - 8 juin 2021
- Keycloak.X Distribution - 28 janvier 2021