
I would like to implement password policies for all OpenLDAP users.

There are 2 things I would like to do:

  1. password aging (users should be forced to change their passwords at least every 90 days)
  2. password complexity (users must have a password minimal length of 8 chars including at least 1 number, 1 alpha and 1 special)
JMW

1 Answer


See this: 12.10. Password Policies from the OpenLDAP manual.

The second part will probably require some coding but the overlay works and any client that listens to what OpenLDAP tells it will warn about expiring passwords.

I'd also recommend a password history. Strictly speaking, your requirements don't force a user to change from one password to another, but only from the old password to the new (which could be the same regarding your requirements).

Martin M.
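A default policy entry for the ppolicy overlay covering the 90-day aging, the 8-character minimum and the password history discussed above, as an added example that is not part of the original answer. The DN, the `dc=example,dc=com` suffix, the history depth and the warning window are assumed values.

```ldif
# Added example: default password policy entry for the ppolicy overlay.
# The DN and suffix are assumptions; adjust them to the local tree.
dn: cn=default,ou=policies,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: pwdPolicy
cn: default
# sn is only present because the structural class "person" requires it.
sn: password policy
pwdAttribute: userPassword
# Aging: 90 days expressed in seconds (90 * 24 * 60 * 60).
pwdMaxAge: 7776000
# Start warning clients 14 days before expiry (assumed window, in seconds).
pwdExpireWarning: 1209600
# Minimum length of 8. The length is only enforced when pwdCheckQuality
# is non-zero; 2 also rejects passwords the server cannot inspect,
# such as values the client has already hashed.
pwdMinLength: 8
pwdCheckQuality: 2
# History: refuse the last 5 passwords (assumed depth), so a user cannot
# "change" from the old password to the same one.
pwdInHistory: 5
pwdAllowUserChange: TRUE
# Character-class rules (1 number, 1 alpha, 1 special) cannot be expressed
# with these attributes; they need an external quality-check module.
```

The entry only takes effect once the ppolicy overlay is loaded on the database and `ppolicy_default` points at this DN.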