Reject password if it contains tokens from an attribute of the LDAP entry #17

Closed
eseyman opened this issue Sep 24, 2019 · 3 comments

eseyman commented Sep 24, 2019

I've been asked to implement the rejection of new passwords if they contain the user's first or last name (we currently reject for username). Would it be possible to extend ppm's checkRDN's functionality to include other attributes than the RDN?

@coudot coudot added this to the 1.8 milestone Sep 24, 2019
@davidcoutadeur
Collaborator

Hi @eseyman, the feature could be interesting, but it is much more complicated to achieve because, as a ppolicy submodule, ppm only gets little information from the user.

@coudot coudot modified the milestones: 1.8, 1.9 Nov 8, 2019
@davidcoutadeur davidcoutadeur removed this from the 1.9 milestone Nov 5, 2021
@davidcoutadeur davidcoutadeur added this to the 2.0 milestone Mar 21, 2022
@davidcoutadeur
Collaborator

The function signature in ppolicy in OpenLDAP 2.5 allows reading the whole entry:

int check_password (char *pPasswd, char **ppErrStr, Entry *pEntry, struct berval *pArg);

This feature could be really interesting.

It would be nice to set any attribute for the check.
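
A minimal sketch of the check requested in this issue, added here as an illustration and not ppm's own code: it splits attribute values (for example givenName and sn) into tokens and rejects a password that contains any of them, ignoring case. Assumptions: the values arrive as plain C strings rather than being read from `Entry *pEntry`, the delimiter set, the 3-character minimum token length, ASCII-only case folding, and the hypothetical names `contains_ci` and `password_has_attr_token`.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define MIN_TOKEN_LEN 3        /* assumption: shorter tokens are ignored */
#define DELIMS " ,;-_.\t"      /* assumption: characters that separate tokens */

/* Constructed sample: values of givenName and sn for one entry. */
static const char *const sample_values[] = { "Jean-Pierre", "De La Fontaine", NULL };

/* Case-insensitive (ASCII) search for tok[0..tlen) inside s; 1 if found. */
static int contains_ci(const char *s, const char *tok, size_t tlen)
{
    size_t slen = strlen(s);
    if (tlen == 0 || tlen > slen)
        return 0;
    for (size_t i = 0; i + tlen <= slen; i++) {
        size_t j = 0;
        while (j < tlen &&
               tolower((unsigned char)s[i + j]) == tolower((unsigned char)tok[j]))
            j++;
        if (j == tlen)
            return 1;
    }
    return 0;
}

/* Returns 1 if password contains a token from any value in the
 * NULL-terminated array, 0 otherwise. */
int password_has_attr_token(const char *password, const char *const *values)
{
    for (size_t v = 0; values[v] != NULL; v++) {
        const char *p = values[v];
        while (*p) {
            p += strspn(p, DELIMS);            /* skip separators */
            size_t tlen = strcspn(p, DELIMS);  /* length of the next token */
            if (tlen >= MIN_TOKEN_LEN && contains_ci(password, p, tlen))
                return 1;
            p += tlen;
        }
    }
    return 0;
}

int main(void)
{
    /* Exit status 0 when the sample password is correctly flagged. */
    return password_has_attr_token("pierre2024", sample_values) ? 0 : 1;
}
```

The minimum token length keeps short name particles such as "De" or "La" from rejecting most passwords.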

@davidcoutadeur davidcoutadeur changed the title Reject password if it contains tokens from givenName and sn Reject password if it contains tokens from an attribute of the LDAP entry Mar 21, 2022
@davidcoutadeur davidcoutadeur modified the milestones: 2.0, v2.1 Mar 22, 2022
@davidcoutadeur
Collaborator

Done in fbebaf2

makr pushed a commit to makr/openldap that referenced this issue Jun 7, 2022
Reject password if it contains tokens from an attribute of the LDAP entry ltb-project/ppm#17
SuzyWangIBMer pushed a commit to SuzyWangIBMer/openldap that referenced this issue Aug 18, 2022
Reject password if it contains tokens from an attribute of the LDAP entry ltb-project/ppm#17