Sun Directory Server Enterprise Edition 7.0 Developer's Guide

Procedure: To Use the Password Check Plug-In

Before You Begin

Populate the suffix dc=example,dc=com with sample data. Also, register the plug-in with Directory Server.

  1. Enforce password quality checking so Directory Server calls your password check plug-in.

    $ dsconf set-server-prop -h localhost -p 1389 \
     pwd-check-enabled:on pwd-strong-check-enabled:off

  2. Enable logging of informational messages.

    $ dsconf set-log-prop -h localhost -p 1389 error level:err-plugins

  3. Prepare an entry that tests your password quality check.

    $ cat quentin.ldif
    dn: uid=qcubbins,ou=People,dc=example,dc=com
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    uid: qcubbins
    givenName: Quentin
    sn: Cubbins
    cn: Quentin Cubbins
    userPassword: secret12

  4. Add the entry to the directory.

    $ ldapmodify -a -D uid=kvaughan,ou=people,dc=example,dc=com \
    -w bribery -h localhost -p 1389 -f quentin.ldif
    adding new entry uid=qcubbins,ou=People,dc=example,dc=com
    ldap_add_s: Constraint violation

  5. Check the errors log for further information.

    $ grep secret12 /local/ds/logs/errors
    [16/Feb/2006:18:13:06 +0100] - INFORMATION - 
    Sample password check plug-in - conn=0 op=1 msgId=2 -  
    Invalid password: secret12

    The example log message as shown has been wrapped for readability in the printed version of this document.
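
Step 5 searches the errors log with the rejected password as the pattern, which leaves that value in shell history and in the terminal output. The following added example (not from the Sun guide or the sample plug-in) lists the plug-in's rejections by connection and operation and masks the value instead. The function names and the two extra log lines are constructed, and the message layout is assumed to match the line shown above once unwrapped.

```shell
#!/bin/sh
# Added example; not part of the Sun guide or the sample plug-in.

# Constructed sample input: the first line is the guide's log message,
# unwrapped; the other two are made up to exercise the parser.
sample_log() {
    cat <<'EOF'
[16/Feb/2006:18:13:06 +0100] - INFORMATION - Sample password check plug-in - conn=0 op=1 msgId=2 - Invalid password: secret12
[16/Feb/2006:18:13:07 +0100] - INFORMATION - Another plug-in - conn=0 op=2 msgId=3 - unrelated message
[16/Feb/2006:18:14:10 +0100] - INFORMATION - Sample password check plug-in - conn=3 op=1 msgId=2 - Invalid password: x conn=9 y
EOF
}

# pwcheck_rejections [LOGFILE]
# One line per rejection: timestamp, conn, op, msgId. The rejected value is
# never printed, and no password is needed as a search pattern.
pwcheck_rejections() {
    awk '
    {
        mark = "Invalid password: "
        p = index($0, mark)
        if (p == 0 || index($0, "Sample password check plug-in") == 0) next
        head = substr($0, 1, p - 1)     # everything before the password
        ts = substr(head, 2, index(head, "]") - 2)
        conn = "conn=?"; op = "op=?"; msg = "msgId=?"
        n = split(head, f, " ")
        for (i = 1; i <= n; i++) {
            if (f[i] ~ /^conn=/)  conn = f[i]
            if (f[i] ~ /^op=/)    op = f[i]
            if (f[i] ~ /^msgId=/) msg = f[i]
        }
        print ts, conn, op, msg, "password=<redacted>"
    }' "${1:--}"
}

# pwcheck_redact [LOGFILE]
# Copy of the log with the rejected value masked, safe to attach to a ticket.
pwcheck_redact() {
    awk '
    {
        mark = "Invalid password: "
        p = index($0, mark)
        if (p > 0) $0 = substr($0, 1, p + length(mark) - 1) "<redacted>"
        print
    }' "${1:--}"
}

sample_log | pwcheck_rejections
```

Against the server from this procedure, pass the log path instead of piping the sample: `pwcheck_rejections /local/ds/logs/errors`.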