<?xml version="1.0" encoding="utf-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr"> <head> <meta name="generator" content= "HTML Tidy for Linux/x86 (vers 6 November 2007), see www.w3.org" /> <title>Lemonldap::NG documentation: password-policy.html</title> <meta http-equiv="Content-Type" content="text/html; charset=us-ascii" /> </head> <body> <div class="main-content"> <h2 class="heading-1"><span id="HUsingPasswordPolicy">Using Password Policy</span></h2> <p class="paragraph"></p> <ul> <li><a href="#HThePasswordPolicyStandard">The Password Policy Standard</a></li> <li> <a href="#HPrerequisites">Prerequisites</a> <ul> <li><a href="#HCompliantLDAPserver">Compliant LDAP server</a></li> <li><a href="#HPerlNet3A3ALDAPmodule">Perl Net::LDAP module</a></li> </ul> </li> <li><a href="#HPasswordPolicyinLemonLDAP3A3ANG">Password Policy in LemonLDAP::NG</a></li> </ul> <h3 class="heading-1-1"><span id="HThePasswordPolicyStandard">The Password Policy Standard</span></h3> <p class="paragraph"></p>Password Policy is still now a draft of an LDAPv3 extension and can be read here: <span class="wikiexternallink"><a href= "https://opends.dev.java.net/public/standards/draft-behera-ldap-password-policy.txt"> https://opends.dev.java.net/public/standards/draft-behera-ldap-password-policy.txt</a></span> (en). Some LDAP servers implements it, like OpenLDAP and its ppolicy overlay. <h3 class="heading-1-1"><span id= "HPrerequisites">Prerequisites</span></h3> <h4 class="heading-1-1-1"><span id="HCompliantLDAPserver">Compliant LDAP server</span></h4> <p class="paragraph"></p>Your LDAP server must provide the LDAP Password Policy Control (OID: 1.3.6.1.4.1.42.2.27.8.5.1). <p class="paragraph"></p>Documentation on how to set ppolicy in OpenLDAP can be found here: <span class="wikiexternallink"><a href= "http://www.linagora.org/article165.html">http://www.linagora.org/article165.html</a></span> (fr). <h4 class="heading-1-1-1"><span id="HPerlNet3A3ALDAPmodule">Perl Net::LDAP module</span></h4> <p class="paragraph"></p>The Net::LDAP::Control::PasswordPolicy is available since Perl-LDAP 0.36. Please update your Perl installation if you want to deal with Password Policy in LemonLDAP::NG: <span class= "wikiexternallink"><a href= "http://ldap.perl.org/">http://ldap.perl.org/</a></span> (en). <h3 class="heading-1-1"><span id= "HPasswordPolicyinLemonLDAP3A3ANG">Password Policy in LemonLDAP::NG</span></h3> <p class="paragraph"></p>The Password Policy functionality is available since LemonLDAP::NG 0.9.1. It allows to display on the portal page 2 new error messages: <ul class="star"> <li>Your account is locked</li> <li>Your password has expired</li> </ul>Other use case are a work in progress. <p class="paragraph"></p>To activate Password Policy, you have to set a new parameter inside you portal perl script (e.g. portal/index.pl), like: <p class="paragraph"></p> <div class="code"> <pre> #!/usr/bin/perl<br /><br />use Lemonldap::NG::Portal::SharedConf;<br /><br />my $portal = Lemonldap::NG::Portal::SharedConf-><span class="java-keyword">new</span>( { configStorage => { type => 'File', dirName => '/<span class="java-keyword">var</span>/lib/config', }, <b class="bold">ldapPpolicyControl => 1</b>, } ); </pre> </div> </div> </body> </html>