OpenLDAP directory server with the ppolicy overlay allows to manage a powerful passwords policy. All aspects of this policy are directly supported by the ppolicy overlay, apart from the password content quality. The passwords content strength management is left to an external plug-in that must be a native shared library. The pqChecker component provides this feature. It allows to check the content of passwords, i.e:
- Number of required uppercase characters.
- Number of required lowercase characters.
- Number of required special characters (non-alphabetical characters).
- Number of required digits (0-9).
- Forbidden characters.
- Setting the passwords content quality programmatically.
- Real-time broadcast to other information systems of the modified passwords.
At each modification, or first password entry in the directory, pqChecker is involved. It receives the new value of this attribute and checks its compliance with the defined strength settings. At the end of this control, this value is accepted or rejected.
In addition, it is possible to read and modify the quality settings through pqMessenger component. This feature allows to manage these parameters without any particular system constraint (need to involve a system administrator). It even allows the use of a graphical user interface for this purpose.
Also, pqChecker allows to real-time broadcast the new password value, after its validation. This feature provides the ability to synchronize passwords stored in the OpenLDAP directory with other systems that use it like RDBMS, email servers and other LDAP servers. The passwords broadcasting isn't the default behavior of pqChecker. Default deactivated, It may be activated by simple setting.
The three functions of reading, modifying settings and broadcasting new passwords values are JNI-compliant. The pqMessenger component, uses this feature to ensure the exchange of those data with a Message oriented middleware (MoM).
pqChecker is a free and opensource software. It is licensed under the GNU GPL v3+ license.