To Use the Password Check Plug-In (Sun Java System Directory Server Enterprise Edition 6.2 Developer's Guide)

Sun Java System Directory Server Enterprise Edition 6.2 Developer's Guide

To Use the Password Check Plug-In

Before You Begin

Populate the suffix dc=example,dc=com with sample data. Also, register the plug-in with Directory Server.

Enforce password quality checking so Directory Server calls your password check plug-in.

$ dsconf set-server-prop -h localhost -p 1389 \
 pwd-check-enabled:on pwd-strong-check-enabled:off

Enable logging of informational messages.

$ dsconf set-log-prop -h localhost -p 1389 error level:err-plugins

Prepare an entry that tests your password quality check.

$ cat quentin.ldif
dn: uid=qcubbins,ou=People,dc=example,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
uid: qcubbins
givenName: Quentin
sn: Cubbins
cn: Quentin Cubbins
mail: quentin.cubbins@example.com
userPassword: secret12

Add the entry to the directory.

$ ldapmodify -a -D uid=kvaughan,ou=people,dc=example,dc=com \
-w bribery -h localhost -p 1389 -f quentin.ldif

adding new entry uid=qcubbins,ou=People,dc=example,dc=com
ldap_add_s: Constraint violation

Check the errors log for further information.

$ grep secret12 /local/ds/logs/errors
[16/Feb/2006:18:13:06 +0100] - INFORMATION - 
Sample password check plug-in - conn=0 op=1 msgId=2 -  
Invalid password: secret12

The example log message as shown has been wrapped for readability in the printed version of this document.