password policy doesn't change


ahad alam

Mar 21, 2025, 11:21:06 PM
to pwm-general
I have selected LDAP as the password policy source, but the password policy is not the same as my LDAP password policy settings. I am using OpenLDAP as the LDAP vendor default setting. How can I resolve this issue?
The default password policy is as shown below:

Please change your password. Keep your new password secure. After you type your new password, click the Change Password button. If you must write it down, be sure to keep it in a safe place. Your new password must meet the following requirements:

  • Password is case sensitive.
  • Must be at least 10 characters long.
  • Can be changed no more often then once every 1 hour.
It also doesn't allow any symbol or numeric value in the password. Where do these settings come from? How can I change these settings to allow symbols and numeric values in the password?

N.B.: When I select the password policy source as both (merged), the settings still persist and it doesn't allow symbols and numeric values.

Jason Rivard

Mar 24, 2025, 7:14:59 PM
to pwm-general
PWM has limited ability to read OpenLDAP password policy settings, or none depending on how things are configured. You can see what PWM reads for a user, its own configured policy, and the merged effective policy by going to admin -> user debug screen and looking up a user.

You may need to set the policy source to PWM and configure the PWM policy to match what you have configured in LDAP to get the results you're looking for.

Also understand the summary rules presented to the user are not exhaustive; they are a best-effort English translation of all the complex policies that PWM actually has. You can specify your own text if you want, but in general it's probably not best to confuse your users by giving them the whole story. Instead, if they encounter the rarer violations they will get feedback while typing a new password value.