Open GoogleCodeExporter opened 8 years ago
Does directory server 389 offer anyway to determine if the password is case
sensitive? Is there a flag on the user entry or elsewhere that will show one
way or another? Are passwords in DS389 always case sensitive?
Original comment by jrivard
on 17 Oct 2011 at 11:41
Does directory server 389 offer anyway to determine if the password is case
sensitive? Is there a flag on the user entry or elsewhere that will show one
way or another? Are passwords in DS389 always case sensitive?
Original comment by jrivard
on 17 Oct 2011 at 11:41
As far as I'm aware they're always case-sensitive. They're definitely
case-sensitive by default, at least, and I've never seen an option to disable
that (although I've never specifically looked). I'll see if I can dig up any
information about this tomorrow and will let you know.
Original comment by nitro322@gmail.com
on 18 Oct 2011 at 1:37
After searching for some more information about this, I'm still under the
impression that the userPassword attribute is always considered case sensitive
under 389 and it's derivatives. I can't find any information or documentation
about changing it, nor can I find any option in the config file or GUI related
to password case sensitivity. I think it's a safe assumption that, if you're
using 389, the userPassword is case-sensitive.
FYI, this query seems to return all password-related settings:
ldapsearch -LLL -x -H ldaps://server.domain.com:636 -D "cn=Directory Manager"
-W -b "cn=config" "(objectclass=nsslapdConfig)" | grep password
It doesn't show anything related to password case sensitivity, but it might be
useful for you to know for other options. Just wanted to give you a heads up
in case you weren't familiar with it.
Thanks for looking into this.
Original comment by nitro322@gmail.com
on 19 Oct 2011 at 3:16
I have made a policy-override setting for case sensitivity, and I can
definitely change the default for 389 server. Better yet would be to read that
policy from the server. Can you share a sample output of that command? Are
there any docs on it?
Original comment by jrivard
on 19 Oct 2011 at 9:12
Like I said, there doesn't seem to be any way to define case sensitivity on the
server, so I can't find any way to query it. As for documentation, this seems
to thoroughly cover all of the password policy options:
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.1/html/Configuratio
n_and_Command_Reference/config-object-classes.html#passwordPolicy
Although... the documentation mentions a specific passwordpolicy objectclass,
but on my 389 server (which shares the code base with Red Hat) all of these
settings under under the nsslapdconfig objectclass. Not sure how much that
matters in practical terms, but I thought I'd throw it out there in case you do
try to write some kind of policy check for this.
I can still share the output in case you'd like to see the values, but it
doesn't show anything you wouldn't expect to see after referencing the doc.
Just let me know.
Original comment by nitro322@gmail.com
on 20 Oct 2011 at 2:00
v1.6.1 has option to set case sensitivy manually. Leaving issue openfor DS389
integration.
Original comment by jrivard
on 13 Feb 2012 at 8:48
Original comment by jrivard
on 7 May 2012 at 9:00
Issue 196 has been merged into this issue.
Original comment by jrivard
on 21 May 2012 at 3:32
Original issue reported on code.google.com by
nitro322@gmail.com
on 5 Oct 2011 at 9:56Attachments: