mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-02-05 13:40:08 +08:00
86 lines
3.0 KiB
Plaintext
86 lines
3.0 KiB
Plaintext
# Example of ppm configuration
|
|
|
|
# Such configuration must be stored into pwdCheckModuleArg attribute
|
|
# of a password policy entry
|
|
# See slapo-ppolicy for more details
|
|
# Here is an example of such password policy:
|
|
# dn: cn=default,ou=policies,dc=my-domain,dc=com
|
|
# objectClass: pwdPolicy
|
|
# objectClass: top
|
|
# objectClass: pwdPolicyChecker
|
|
# objectClass: person
|
|
# pwdCheckQuality: 2
|
|
# pwdAttribute: userPassword
|
|
# sn: default
|
|
# cn: default
|
|
# pwdMinLength: 6
|
|
# pwdCheckModule: /usr/local/lib/ppm.so
|
|
# pwdCheckModuleArg:: bWluUXVhbGl0eSAzCmNoZWNrUkROIDAKZm9yYmlkZGVuQ2hhcnMKbWF4Q29uc2VjdXRpdmVQZXJDbGFzcyAwCnVzZUNyYWNrbGliIDAKY3JhY2tsaWJEaWN0IC92YXIvY2FjaGUvY3JhY2tsaWIvY3JhY2tsaWJfZGljdApjbGFzcy11cHBlckNhc2UgQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVogMCAxCmNsYXNzLWxvd2VyQ2FzZSBhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5eiAwIDEKY2xhc3MtZGlnaXQgMDEyMzQ1Njc4OSAwIDEKY2xhc3Mtc3BlY2lhbCA8Piw/Oy46LyHCp8O5JSrCtV7CqCTCo8KyJsOpfiIjJ3soWy18w6hgX1zDp17DoEApXcKwPX0rIDAgMQ==
|
|
#
|
|
# Different parameters are separated by a linefeed (\n)
|
|
# Parameters starting with a # are ignored
|
|
# Use a base64 tool to code / decode the content of pwdCheckModuleArg
|
|
|
|
|
|
|
|
# Parameters
|
|
|
|
# minQuality parameter
|
|
# Format:
|
|
# minQuality [NUMBER]
|
|
# Description:
|
|
# One point is granted for each class for which MIN_FOR_POINT criteria is fulfilled.
|
|
# defines the minimum point numbers for the password to be accepted.
|
|
minQuality 3
|
|
|
|
# checkRDN parameter
|
|
# Format:
|
|
# checkRDN [0 | 1]
|
|
# Description:
|
|
# If set to 1, password must not contain a token from the RDN.
|
|
# Tokens are separated by these delimiters : space tabulation _ - , ; £
|
|
checkRDN 0
|
|
|
|
# forbiddenChars parameter
|
|
# Format:
|
|
# forbiddenChars [CHARACTERS_FORBIDDEN]
|
|
# Description:
|
|
# Defines the forbidden characters list (no separator).
|
|
# If one of them is found in the password, then it is rejected.
|
|
forbiddenChars
|
|
|
|
# maxConsecutivePerClass parameter
|
|
# Format:
|
|
# maxConsecutivePerClass [NUMBER]
|
|
# Description:
|
|
# Defines the maximum number of consecutive character allowed for any class
|
|
maxConsecutivePerClass 0
|
|
|
|
# useCracklib parameter
|
|
# Format:
|
|
# useCracklib [0 | 1]
|
|
# Description:
|
|
# If set to 1, the password must pass the cracklib check
|
|
useCracklib 0
|
|
|
|
# cracklibDict parameter
|
|
# Format:
|
|
# cracklibDict [path_to_cracklib_dictionary]
|
|
# Description:
|
|
# directory+filename-prefix that your version of CrackLib will go hunting for
|
|
# For example, /var/pw_dict resolves as /var/pw_dict.pwd,
|
|
# /var/pw_dict.pwi and /var/pw_dict.hwm dictionary files
|
|
cracklibDict /var/cache/cracklib/cracklib_dict
|
|
|
|
# classes parameter
|
|
# Format:
|
|
# class-[CLASS_NAME] [CHARACTERS_DEFINING_CLASS] [MIN] [MIN_FOR_POINT]
|
|
# Description:
|
|
# [CHARACTERS_DEFINING_CLASS]: characters defining the class (no separator)
|
|
# [MIN]: If at least [MIN] characters of this class is not found in the password, then it is rejected
|
|
# [MIN_FOR_POINT]: one point is granted if password contains at least [MIN_FOR_POINT] character numbers of this class
|
|
class-upperCase ABCDEFGHIJKLMNOPQRSTUVWXYZ 0 1
|
|
class-lowerCase abcdefghijklmnopqrstuvwxyz 0 1
|
|
class-digit 0123456789 0 1
|
|
class-special <>,?;.:/!§ù%*µ^¨$£²&é~"#'{([-|è`_\ç^à@)]°=}+ 0 1
|