OBM password policy

Introduction

This document specifies the password policy in OBM.

Features

  • archived account: the user can't access OBM services, but the data is kept.
  • disabled account: the user can't access OBM services until he changes his password.
  • OBM can check password length
  • OBM can exclude some characters in passwords
  • OBM can force a password change every X days

Implementation

  • To Samba: using an LDAP attribute by automate
  • To OpenLDAP:
    • add an LDAP attribute: “isDisabled”
    • add an ACL to limit LDAP bind with the attribute “isDisabled”
  • To DB: add the field “userobm_password_invalidated”
  • add an automate script to invalidate a password: invalidateAccount.pl
    • this script must check DB and LDAP
  • add a cron job to launch invalidateAccount.pl every day
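
The daily check that the list above assigns to invalidateAccount.pl, sketched as an added example (not OBM's own code, and in Python rather than Perl). It models DB rows and LDAP entries as in-memory dictionaries with constructed sample data, and assumes a `last_change` date column, a boolean `isDisabled` value and X = 90 days.

```python
from datetime import date, timedelta

MAX_AGE_DAYS = 90  # the policy's "X days"; 90 is an assumed value
FLAG = "userobm_password_invalidated"  # DB field named on this page

def password_expired(last_change, today, max_age_days=MAX_AGE_DAYS):
    """True when the password is older than the allowed X days."""
    return today - last_change > timedelta(days=max_age_days)

def plan_invalidation(db_rows, ldap_entries, today, max_age_days=MAX_AGE_DAYS):
    """Return {login: [actions]} that bring DB and LDAP into the same state.

    db_rows: login -> {"last_change": date, FLAG: bool} (last_change is hypothetical)
    ldap_entries: login -> {"isDisabled": bool}; absent login = no LDAP entry
    """
    plan = {}
    for login, row in sorted(db_rows.items()):
        entry = ldap_entries.get(login)
        invalid = row[FLAG] or password_expired(row["last_change"], today, max_age_days)
        actions = []
        if invalid and not row[FLAG]:
            actions.append("db: set " + FLAG)
        if invalid and entry is None:
            actions.append("ldap: entry missing, report")
        elif invalid and not entry["isDisabled"]:
            # Drift that matters most: DB says invalid, but an LDAP bind still works.
            actions.append("ldap: set isDisabled")
        elif not invalid and entry is not None and entry["isDisabled"]:
            # Reverse drift: user is locked out of LDAP with a valid password.
            actions.append("ldap: isDisabled set but password valid, report")
        if actions:
            plan[login] = actions
    return plan

# Constructed sample data (not taken from an OBM installation).
TODAY = date(2009, 11, 3)
DB = {
    "alice": {"last_change": date(2009, 10, 1), FLAG: False},  # fresh password
    "bob": {"last_change": date(2009, 6, 1), FLAG: False},     # expired, not yet flagged
    "carol": {"last_change": date(2009, 5, 1), FLAG: True},    # flagged in DB only
    "dave": {"last_change": date(2009, 5, 1), FLAG: True},     # consistent in both
    "erin": {"last_change": date(2009, 1, 1), FLAG: False},    # expired, no LDAP entry
}
LDAP = {"alice": {"isDisabled": False}, "bob": {"isDisabled": False},
        "carol": {"isDisabled": False}, "dave": {"isDisabled": True}}

if __name__ == "__main__":
    for login, actions in plan_invalidation(DB, LDAP, TODAY).items():
        print(login, actions)
```

The function only plans the changes; applying them to the database and the directory is left to the caller, which lets the plan be logged and reviewed before anything is written.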
specification/passwordpolicy.txt · Last modified: 2009/11/03 13:57 (external edit)