Using Password Policy

The Password Policy Standard

Password Policy is still a draft LDAPv3 extension, which can be read here: https://opends.dev.java.net/public/standards/draft-behera-ldap-password-policy.txt (en). Some LDAP servers implement it, such as OpenLDAP with its ppolicy overlay.

Prerequisites

Compliant LDAP server

Your LDAP server must provide the LDAP Password Policy Control (OID: 1.3.6.1.4.1.42.2.27.8.5.1).

Documentation on how to set ppolicy in OpenLDAP can be found here: http://www.linagora.org/article165.html (fr).

Perl Net::LDAP module

Net::LDAP::Control::PasswordPolicy has been available since Perl-LDAP 0.36. Please update your Perl installation if you want to use Password Policy in LemonLDAP::NG: http://ldap.perl.org/ (en).
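
Both prerequisites can be checked with a short script before enabling the feature. This is an added example, not code from LemonLDAP::NG; the server URI, the test DN and the LDAP_URI / LDAP_TEST_DN / LDAP_TEST_PW environment variable names are placeholders chosen for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Fails at compile time if Perl-LDAP is older than 0.36
use Net::LDAP 0.36;
use Net::LDAP::Control::PasswordPolicy;
use Net::LDAP::Constant qw( LDAP_CONTROL_PASSWORDPOLICY );

# Placeholder values (assumptions): use your own server and a test account.
my $uri  = $ENV{LDAP_URI}     || 'ldaps://ldap.example.com';
my $dn   = $ENV{LDAP_TEST_DN} || 'uid=test,ou=users,dc=example,dc=com';
my $pass = $ENV{LDAP_TEST_PW};
die "Set LDAP_TEST_PW to the test account password\n" unless defined $pass;

my $ldap = Net::LDAP->new($uri) or die "Cannot connect to $uri: $@\n";

# 1. The server must list the control OID in supportedControl of its root DSE.
my $dse = $ldap->root_dse( attrs => ['supportedControl'] )
  or die "Cannot read the root DSE of $uri\n";
die "Server does not advertise control " . LDAP_CONTROL_PASSWORDPOLICY . "\n"
  unless $dse->supported_control(LDAP_CONTROL_PASSWORDPOLICY);
print "Server advertises control " . LDAP_CONTROL_PASSWORDPOLICY . "\n";

# 2. Bind with the request control attached and read the response control.
my $mesg = $ldap->bind(
    $dn,
    password => $pass,
    control  => [ Net::LDAP::Control::PasswordPolicy->new ],
);
printf "Bind result: %s\n", $mesg->code ? $mesg->error : 'success';

my ($resp) = $mesg->control(LDAP_CONTROL_PASSWORDPOLICY);
if ( defined $resp ) {
    my $err   = $resp->pp_error;
    my $secs  = $resp->time_before_expiration;
    my $grace = $resp->grace_authentications_remaining;
    print "Password policy error code: $err\n"         if defined $err;
    print "Password expires in $secs second(s)\n"      if defined $secs;
    print "Grace authentications remaining: $grace\n"  if defined $grace;
    print "Policy response present, nothing to report\n"
      unless defined $err or defined $secs or defined $grace;
}
else {
    # No response control: no policy applies to this entry, or ppolicy is not active.
    print "No password policy response returned for this bind\n";
}

$ldap->unbind;
```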

Password Policy in LemonLDAP::NG

The Password Policy functionality has been available since LemonLDAP::NG 0.9.1. It allows the portal page to display 2 new error messages:

Other use cases are a work in progress.

To activate Password Policy, set a new parameter inside your portal Perl script (e.g. portal/index.pl), like:

#!/usr/bin/perl

use Lemonldap::NG::Portal::SharedConf;

my $portal = Lemonldap::NG::Portal::SharedConf->new(
    {
        configStorage => {
            type    => 'File',
            dirName => '/var/lib/config',
        },

        # Activate Password Policy
        ldapPpolicyControl => 1,
    }
);