
Is there a way to get the password policy information (password length, complexity, etc.) of a user from an OpenLDAP server (with ldapsearch or some other way)?

Cobra Kai Dojo

1 Answer


Yes. Get the operational attribute pwdPolicySubentry from the user entry and retrieve the entry at that DN. If the attribute is absent or empty they are using the default policy, which is also in the DIT but you would have to know where, from the slapd.conf or slapd.d configuration of the ppolicy overlay. If it's an online configuration and you have access to it, it's the DN given by the attribute of the ppolicy's module configuration entry that corresponds to the ppolicy_default slapd.conf entry.

user207421
  • So, basically it will go something like this: ldapsearch -D "cn=xxxxx" -w secret -p 389 -h server.example.com -b "dc=example,dc=com" -s sub "(objectclass=*)" pwdPolicySubentry ? – Cobra Kai Dojo Nov 16 '14 at 11:24
  • @CobraKaiDojo That will get you the DN of the user's password policy entry, if it isn't the default, as it already says in my answer. If it's the default you have to follow the further steps already stated in my answer to get the DN, and either way you then have to follow the other steps in my answer to get the actual entry. – user207421 Jul 15 '17 at 09:59
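
The two-step lookup described in the answer and comments above, as an added example that is not part of the original thread: it picks the policy DN out of ldapsearch's LDIF output (folded lines and base64 values included) and falls back to the default policy DN. The function names, the URI and every DN are placeholders, and the default policy DN is assumed to have been read from the ppolicy overlay configuration beforehand.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and all DNs/URIs are placeholders.

# Read ldapsearch LDIF on stdin and print the policy DN that applies:
# the pwdPolicySubentry value if present and non-empty, else the default DN in $1
# (taken from the ppolicy overlay configuration, as the answer describes).
policy_dn_from_ldif() {
    default_dn=$1
    # Unfold LDIF continuation lines (leading space), keep the first matching line.
    line=$(awk '
        /^ / { buf = buf substr($0, 2); next }
        { if (tolower(buf) ~ /^pwdpolicysubentry:/) print buf; buf = $0 }
        END { if (tolower(buf) ~ /^pwdpolicysubentry:/) print buf }
    ' | head -n 1)
    rest=${line#*:}                     # text after the attribute name's colon
    case $rest in
        :*) rest=${rest#:}              # "attr:: value" means base64-encoded
            printf '%s' "${rest# }" | base64 -d; echo ;;
        "" | " ") printf '%s\n' "$default_dn" ;;
        *)  printf '%s\n' "${rest# }" ;;
    esac
}

# Step 1: read the operational attribute from the user entry (it is only returned
# when requested by name). Step 2: read the policy entry itself, which carries
# attributes such as pwdMinLength and pwdMaxAge.
# -W prompts for the bind password instead of putting it on the command line.
show_user_policy() {    # args: URI BIND_DN USER_DN DEFAULT_POLICY_DN
    pol=$(ldapsearch -x -LLL -H "$1" -D "$2" -W -b "$3" -s base \
            '(objectClass=*)' pwdPolicySubentry | policy_dn_from_ldif "$4")
    [ -n "$pol" ] || return 1
    ldapsearch -x -LLL -H "$1" -D "$2" -W -b "$pol" -s base '(objectClass=*)'
}
```

Because both searches use `-s base` on a single DN, the bind account only needs read access to the user entry and the policy entry, not to the whole subtree.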