Testing the Password Check Plug-In (Sun Java System Directory Server Enterprise Edition 6.2 Developer's Guide)

Sun Java System Directory Server Enterprise Edition 6.2 Developer's Guide

Testing the Password Check Plug-In

You test the plug-in using sample data delivered with Directory Server You use command-line tools to setup and register the plug-in.

To Set Up an Example Suffix

If you have not done so already, set up a directory instance with a suffix, dc=example,dc=com, containing data loaded from a sample LDIF file, install-path/ds6/ldif/Example.ldif.

Create a new Directory Server instance.

For example:

$ dsadm create /local/ds
Choose the Directory Manager password:
Confirm the Directory Manager password:
$

Start the new Directory Server instance.

For example:

$ dsadm start /local/ds
Server started: pid=4705
$

Create a suffix called dc=example,dc=com.

For example, with long lines folded for the printed page:

$ dsconf create-suffix -h localhost -p 1389 dc=example,dc=com
Enter "cn=directory manager" password: 
Certificate "CN=defaultCert, CN=hostname:1636" presented by the
 server is not trusted.
Type "Y" to accept, "y" to accept just once,
 "n" to refuse, "d" for more details: Y
$

Load the sample LDIF.

For example, with long lines folded for the printed page:

$ dsconf import -h localhost -p 1389 \
 /opt/SUNWdsee/ds6/ldif/Example.ldif dc=example,dc=com
Enter "cn=directory manager" password:  
New data will override existing data of the suffix
 "dc=example,dc=com".
Initialization will have to be performed on replicated suffixes. 
Do you want to continue [y/n] ? y

## Index buffering enabled with bucket size 16
## Beginning import job...
## Processing file "/opt/SUNWdsee/ds6/ldif/Example.ldif"
## Finished scanning file "/opt/SUNWdsee/ds6/ldif/Example.ldif" (160 entries)
## Workers finished; cleaning up...
## Workers cleaned up.
## Cleaning up producer thread...
## Indexing complete.
## Starting numsubordinates attribute generation.
 This may take a while, please wait for further activity reports.
## Numsubordinates attribute generation complete. Flushing caches...
## Closing files...
## Import complete. Processed 160 entries in 5 seconds.
 (32.00 entries/sec)

Task completed (slapd exit code: 0).
$

To Register the Plug-In

If you have not already done so, build the example plug-in library and activate both plug-in informational logging and the example plug-in.

Build the plug-in.

Hint Use install-path/examples/Makefile or install-path/examples/Makefile64.

Configure Directory Server to log plug-in informational messages and load the plug-in.

Hint Use the commands specified in the comments at the outset of the plug-in source file.

Restart Directory Server.
$ dsadm restart instance-path

To Use the Password Check Plug-In

Before You Begin

Populate the suffix dc=example,dc=com with sample data. Also, register the plug-in with Directory Server.

Enforce password quality checking so Directory Server calls your password check plug-in.

$ dsconf set-server-prop -h localhost -p 1389 \
 pwd-check-enabled:on pwd-strong-check-enabled:off

Enable logging of informational messages.

$ dsconf set-log-prop -h localhost -p 1389 error level:err-plugins

Prepare an entry that tests your password quality check.

$ cat quentin.ldif
dn: uid=qcubbins,ou=People,dc=example,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
uid: qcubbins
givenName: Quentin
sn: Cubbins
cn: Quentin Cubbins
mail: quentin.cubbins@example.com
userPassword: secret12

Add the entry to the directory.

$ ldapmodify -a -D uid=kvaughan,ou=people,dc=example,dc=com \
-w bribery -h localhost -p 1389 -f quentin.ldif

adding new entry uid=qcubbins,ou=People,dc=example,dc=com
ldap_add_s: Constraint violation

Check the errors log for further information.

$ grep secret12 /local/ds/logs/errors
[16/Feb/2006:18:13:06 +0100] - INFORMATION - 
Sample password check plug-in - conn=0 op=1 msgId=2 -  
Invalid password: secret12

The example log message as shown has been wrapped for readability in the printed version of this document.