OpenLDAP password policy pwdCheckModule - Page 3
pqChecker deployment and test

pqChecker is deployed in the same machine than OpenLDAP server. Care must be taken, in particular, to the location of two files.

  • pqchecker.so must be in the location defined by olcModulePath parameter (modulepath in old style slapd.conf file).
  • pqparams.dat must be in the location defined at build time of pqchecker.so library (PARAMDIR setting of configure script). See INSTALL file provided with sources and build from sources explanation for more detail.
If we try to change the password using a value who not compliant with quality settings, eg using the command ldappasswd:

The server responds with the error message: 'Constraint violation', code 19. More detail can be obtained from the server log file:


If modified password is compliant with quality settings, no error message is chown and slapd log look like: