WebADM password policy

Vitaly Maystrovich

Nov 17, 2015, 3:15:26 AM
to RCDevs Security Solutions - Technical
Hello,

It is possible to create a Password Policy (Level 1) in the WebADM Administrator Portal. Is there a way to apply the created password policy to a certain LDAP subtree, but not the whole LDAP database? I use OpenLDAP.

Spyridon Gouliarmis (RCDevs)

Nov 17, 2015, 7:11:40 AM
to RCDevs Security Solutions - Technical
Password policies are an OpenLDAP feature; WebADM just provides a GUI to create and modify them. You can set a default policy in slapd.conf, and ask that a user be subject to another policy through an attribute on that user account. A policy for a subtree, I don't know. If you find something in OpenLDAP's documentation, feel free to post it here.

Vitaly Maystrovich

Nov 19, 2015, 7:25:07 AM
to RCDevs Security Solutions - Technical

I created a password policy (not modify ppolicy) with the following parameters and applied it to my TestUser:
Pwdexpirewarning     30
Password Lockout     Yes
Password Max Age   180
Pwdmaxfailure          3
Pwdmustchange       TRUE
Pwdsafemodify         TRUE

Alert emails are configured to go to my email.
TestUser has my email as a parameter.
TestUser also has "Send Blocking Email" TRUE as an OTP parameter.

But after Pwdexpirewarning I did not receive any emails about password expiration. I also did not receive any emails saying that the user must change the password.
The only emails I get are when TestUser entered a wrong password 4 times and the account was blocked.

Does anyone have the same problems? Or did anyone solve these troubles?

Spyridon Gouliarmis (RCDevs)

Nov 19, 2015, 7:57:11 AM
to RCDevs Security Solutions - Technical
The application of password policies is the ppolicy overlay's business. Any ppolicy logic stays in the slapd process, and WebADM is completely unaware of it. So it cannot send you alert emails about the policy blocking or "expiring" your user, only alert emails about *OpenOTP* blocking your user from getting authenticated by OpenOTP.
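
Because the expiry logic lives in slapd's ppolicy overlay rather than in WebADM, expiry state has to be derived from the directory itself. The following is an added example, not part of the thread or of RCDevs' code: it classifies accounts from the overlay's pwdChangedTime operational attribute. It assumes unfolded, non-base64 LDIF; the policy values, DNs and timestamps are constructed.

```python
from datetime import datetime, timedelta, timezone

# Constructed policy values. The ppolicy schema stores pwdMaxAge and
# pwdExpireWarning in seconds, so 180 and 30 days are converted here.
PWD_MAX_AGE = 180 * 86400
PWD_EXPIRE_WARNING = 30 * 86400

# Constructed sample shaped like `ldapsearch -LLL` output. pwdChangedTime is
# an operational attribute and must be requested by name in the search.
SAMPLE_LDIF = """\
dn: uid=testuser,ou=people,dc=example,dc=com
pwdChangedTime: 20150101000000Z

dn: uid=soon,ou=people,dc=example,dc=com
pwdChangedTime: 20150601000000Z

dn: uid=fresh,ou=people,dc=example,dc=com
pwdChangedTime: 20151110120000Z

dn: uid=nostamp,ou=people,dc=example,dc=com
"""

def parse_entries(ldif):
    """Map each DN to its pwdChangedTime (UTC datetime) or None if absent."""
    entries = {}
    for block in ldif.strip().split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in block.splitlines() if ": " in l)
        stamp = attrs.get("pwdChangedTime")
        when = None
        if stamp:
            when = datetime.strptime(stamp, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
        entries[attrs["dn"]] = when
    return entries

def expiry_state(changed, now, max_age=PWD_MAX_AGE, warning=PWD_EXPIRE_WARNING):
    """Classify one account the way the overlay's ageing rules would."""
    # No pwdChangedTime, or pwdMaxAge of 0, means the password never expires.
    if changed is None or max_age == 0:
        return "no-expiry"
    remaining = changed + timedelta(seconds=max_age) - now
    if remaining <= timedelta(0):
        return "expired"
    return "warning" if remaining <= timedelta(seconds=warning) else "ok"

def report(ldif, now):
    """Return {dn: state} for every entry in the LDIF text."""
    return {dn: expiry_state(ts, now) for dn, ts in parse_entries(ldif).items()}

if __name__ == "__main__":
    for dn, state in report(SAMPLE_LDIF, datetime.now(timezone.utc)).items():
        print(state, dn)
```

Accounts reported as "warning" or "expired" are the ones for which a separate job would have to send mail, since neither slapd nor WebADM does so.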