Dear developers,
SOGo offers the parameter userPasswordPolicy when authenticating using SQL:
https://www.sogo.nu/files/docs/SOGoInstallationGuide.html#Authentication-using-SQL
It supports:
- Minimum of 1 lowercase letter
- Minimum of 1 uppercase letter
- Minimum of 1 digit
- Minimum of 2 special symbols
- Minimum length of 8 characters
But with LDAP, it offers the parameter passwordPolicy, which relies on LDAP Password Policies attributes and, most importantly, is different from what userPasswordPolicy does.
Quote from the OpenLDAP Administrator's Guide (https://www.openldap.org/doc/admin26/overlays.html#Password%20Policies):
The key abilities of the password policy overlay are as follows:
- Enforce a minimum length for new passwords
- Make sure passwords are not changed too frequently
- Cause passwords to expire, provide warnings before they need to be changed, and allow a fixed number of 'grace' logins to allow them to be changed after they have expired
- Maintain a history of passwords to prevent password re-use
- Prevent password guessing by locking a password for a specified period of time after repeated authentication failures
- Force a password to be changed at the next authentication
- Set an administrative lock on an account
- Support multiple password policies on a default or a per-object basis.
- Perform arbitrary quality checks using an external loadable module. This is a non-standard extension of the draft RFC.
As you can see, they're totally different, and only the first rule is supported by SQL userPasswordPolicy.
So the request is: can we support userPasswordPolicy when authenticating using LDAP?