Re: libpam-ldap and password policies

Sorry for not replying sooner.

On Thu, 29 Mar 2018, André Rodier wrote:
> Is there any way to configure libpam-ldap to fulfil the password policies specified in the directory?

This should be picked up by default on most operations.

> However, if I log on to the system as "andre", I can change my password, type a three-letter new password, and libpam-ldap will not complain at all.

I think the issue in your config is that pwdCheckQuality is set to 0. I think the password will only be refused if the value is 2. Regarding policy information, nslcd will only enforce what is returned by the LDAP server and will not interpret policy settings itself (this is where it differs from policy-like settings in shadowAccount attributes).

Hope this helps,

-- Arthur - - --
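
An added illustration, not part of the original message and not OpenLDAP or nslcd code: a small model of the server-side decision for the three pwdCheckQuality values as documented in slapo-ppolicy(5), showing why a three-letter password passes when the value is 0. The class, function names and sample values are hypothetical, and pwdMinLength is assumed to be 8.

```python
# Added illustration: models the pwdCheckQuality semantics documented in
# slapo-ppolicy(5). Not OpenLDAP or nslcd code; all names are hypothetical.
from dataclasses import dataclass


@dataclass
class Policy:
    pwdCheckQuality: int = 0   # 0 = no check, 1 = check if possible, 2 = strict
    pwdMinLength: int = 0      # 0 = no minimum length configured


def is_prehashed(value: str) -> bool:
    """A value such as '{SSHA}...' was hashed by the client, so the server
    cannot see the cleartext and cannot judge its quality."""
    return value.startswith("{") and "}" in value


def server_accepts(policy: Policy, new_password: str) -> tuple[bool, str]:
    """Decision the directory server makes on a password change. The PAM/nslcd
    side only relays this result; it does not evaluate the policy itself."""
    if policy.pwdCheckQuality == 0:
        return True, "quality checking disabled"
    if is_prehashed(new_password):
        if policy.pwdCheckQuality >= 2:
            return False, "cannot check hashed value, refused"
        return True, "cannot check hashed value, accepted"
    if policy.pwdMinLength and len(new_password) < policy.pwdMinLength:
        return False, "password too short"
    return True, "passed quality check"


if __name__ == "__main__":
    # Constructed sample inputs: a short cleartext and a client-hashed value.
    samples = ["abc", "{SSHA}constructedHashValue=="]
    for quality in (0, 1, 2):
        policy = Policy(pwdCheckQuality=quality, pwdMinLength=8)
        for candidate in samples:
            print(quality, candidate, server_accepts(policy, candidate))
```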
