[python-ldap] Password history / password policy
Michael Ströder
michael at stroeder.com
Wed Feb 15 11:04:56 EST 2017
Joey,
basically your LDAP server (MS AD?) is responsible for enforcing all password policy
rules including password history check. Hence it's not really a python-ldap question.
So I'd recommend to simply test it.
Ciao, Michael.
P.S.: Please subscribe to the low-traffic mailing list so I don't have to accept your
postings manually and to avoid missing a response.
Joey Hendricks wrote:
> Hi guys,
>
> I'm busy with the Python-Ldap module and I'm running into a bit of trouble
> with my company's password policy.
> We don't want a user to be able to reset his password to a password he has
> used before. We have set our password policy the following way:
>
> Enforce password history : 24 passwords remembered
> Maximum password age : 42 days
> Minimum password age : 1 days
> Minimum password length : 8 characters
> Password must meet complexity requirements : Disabled
>
>
> I'm using the following Python code to change the password
>
> import base64
> import ldap
>
> server = LDAP_IP
> # Global option: do not require or verify the server certificate
> ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
> conn = ldap.initialize(server)
> conn.set_option(ldap.OPT_REFERRALS, 0)
> conn.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
> conn.set_option(ldap.OPT_X_TLS, ldap.OPT_X_TLS_DEMAND)
> conn.set_option(ldap.OPT_DEBUG_LEVEL, 4095)
> # Bind DN and password are stored base64-encoded
> conn.simple_bind_s(base64.b64decode(BIND_DN), base64.b64decode(BIND_PASS))
> # The new password is sent in double quotes, encoded as UTF-16-LE
> password_value1 = '"{0}"'.format(pwd).encode("utf-16-le")
> add_pass = [(ldap.MOD_REPLACE, "UnicodePwd", password_value1)]
> conn.modify_s(CN_NAME, add_pass)
> conn.unbind_s()
>
> Or is there a way that the AD won't change the password if the password has
> been used before?
>
> So that I completely obey my password policy.
>
> I hope someone can help me
>
> Kind regards
>
> Joey Hendricks
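
An added example (not code from this thread or from python-ldap itself), assuming the server is Active Directory as guessed in the reply: AD treats the MOD_REPLACE in the quoted code as an administrative reset, which by default is not checked against password history, while a delete plus add of unicodePwd in one modify is a user password change, which is. The helper names and user_dn are hypothetical; the OID is Microsoft's LDAP_SERVER_POLICY_HINTS_OID, which only domain controllers that support it will honour.

```python
try:
    import ldap  # python-ldap; only used here for the real constants
    MOD_ADD, MOD_DELETE, MOD_REPLACE = ldap.MOD_ADD, ldap.MOD_DELETE, ldap.MOD_REPLACE
except ImportError:
    # Same numeric values as the LDAP protocol and python-ldap constants.
    MOD_ADD, MOD_DELETE, MOD_REPLACE = 0, 1, 2

# LDAP_SERVER_POLICY_HINTS_OID: asks AD to apply password history to a reset.
POLICY_HINTS_OID = "1.2.840.113556.1.4.2239"
# BER encoding of SEQUENCE { INTEGER 1 }, the control value that enables the hint.
POLICY_HINTS_VALUE = b"\x30\x03\x02\x01\x01"


def encode_unicode_pwd(password):
    """AD expects the password in double quotes, encoded as UTF-16-LE."""
    return '"{0}"'.format(password).encode("utf-16-le")


def change_modlist(old_password, new_password):
    """Password change: delete the old value and add the new one in a single
    modify. AD verifies the old password and applies history and minimum age."""
    return [
        (MOD_DELETE, "unicodePwd", [encode_unicode_pwd(old_password)]),
        (MOD_ADD, "unicodePwd", [encode_unicode_pwd(new_password)]),
    ]


def reset_modlist(new_password):
    """Password reset: a replace, as in the quoted code. The bound account
    needs the reset-password right on the target user."""
    return [(MOD_REPLACE, "unicodePwd", [encode_unicode_pwd(new_password)])]


def policy_hints_control():
    """Request control that makes AD check a reset against password history."""
    from ldap.controls import RequestControl
    return RequestControl(POLICY_HINTS_OID, True, POLICY_HINTS_VALUE)


# Against a live server (conn is a bound LDAPObject over TLS, user_dn is hypothetical):
#   conn.modify_s(user_dn, change_modlist(old, new))
#   conn.modify_ext_s(user_dn, reset_modlist(new),
#                     serverctrls=[policy_hints_control()])
```

When the new password is in the history, the server rejects the modify with a constraint violation, which python-ldap raises as ldap.CONSTRAINT_VIOLATION.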