[ldapext] ppolicy questions

jay alvarez <ldapb0y@yahoo.com> Mon, 27 March 2006 01:23 UTC

Message-ID: <20060327012317.28213.qmail@web38904.mail.mud.yahoo.com>
Date: Sun, 26 Mar 2006 17:23:17 -0800
From: jay alvarez <ldapb0y@yahoo.com>
To: ldapext@ietf.org
Subject: [ldapext] ppolicy questions

   Good day,
  
  I have some questions regarding draft-behera-ldap-password-policy-08.txt.
  
  1. Do you know if it has been standardized or updated yet?
  2. In pwdCheckQuality, it says it is still in the TODO list. Do you know how to enforce the minimum included characters, like it must have upper, lower, number and special characters, without administrator intervention? Sure, I can use some random password generation tools to enforce these requirements, but I'm thinking of a lot of negative implications.
  
  3. How is the expiration warning shown to the user? Let's say I do an ldapsearch on the command line and do a simple bind: it didn't tell me if my password is about to expire, even if I run it in verbose mode.
  
  4. What if, in pwdMustChange, the user did not change his password after the initial bind or a reset by the administrator? What will happen? The attribute explanation doesn't say anything about this.
  
  5. How do I send the old password when changing to a new password (pwdSafeModify)?
  I've looked into ldapmodify and found nothing about this.
  My file looks like this:
  
  dn: uid=jayson,ou=people,o=example,dc=com
  changetype: modify
  replace: userPassword
  userPassword: {SSHA}g/pfweYQQRtYFxVGwhn8xnCCEcY0rDTDQ
  
  On ldapmodify operation, I got this error:
  ldap_modify: Insufficient access (50)
          additional info: Must supply old password to be changed as well as new one
  
  
  
  That's all for now, thanks!
  -jay