The OpenLDAP directory server, with the ppolicy overlay, supports a powerful password policy. The overlay directly handles every aspect of this policy except the content quality of the password. Password content strength checking is delegated to an external plug-in, which must be a native shared library. The pqChecker component provides this feature. It controls the content of passwords, i.e.:
- Number of required uppercase characters.
- Number of required lowercase characters.
- Number of required special characters (non-alphabetical characters).
- Number of required digits (0-9).
- Forbidden characters.
- Setting the password content quality parameters programmatically.
- Real-time broadcast of modified passwords to other information systems.
pqChecker is invoked each time a password is modified or first entered in the directory. It receives the new value of this attribute and checks its compliance with the defined strength parameters. At the end of this check, the value is accepted or rejected.
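The content check described above, sketched in C as an added example (not pqChecker's own code): the policy structure, result codes and function name are hypothetical, and any character that is neither a letter nor a digit is assumed to count as special.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical policy layout for this example; not pqChecker's own format. */
struct pw_policy {
    int min_upper, min_lower, min_digit, min_special;
    const char *forbidden;   /* characters that must not appear */
};

enum pw_result { PW_OK = 0, PW_FORBIDDEN, PW_UPPER, PW_LOWER, PW_DIGIT, PW_SPECIAL };

/* Returns PW_OK if the password satisfies the policy, otherwise the first failed rule. */
enum pw_result pw_check(const char *pw, const struct pw_policy *p)
{
    int upper = 0, lower = 0, digit = 0, special = 0;

    for (const char *s = pw; *s; s++) {
        unsigned char c = (unsigned char)*s;  /* ctype functions need unsigned char values */
        if (p->forbidden && strchr(p->forbidden, *s))
            return PW_FORBIDDEN;              /* one forbidden character rejects outright */
        if (isupper(c))      upper++;
        else if (islower(c)) lower++;
        else if (isdigit(c)) digit++;
        else                 special++;       /* assumption: everything else is "special" */
    }
    if (upper < p->min_upper)     return PW_UPPER;
    if (lower < p->min_lower)     return PW_LOWER;
    if (digit < p->min_digit)     return PW_DIGIT;
    if (special < p->min_special) return PW_SPECIAL;
    return PW_OK;
}

int main(void)
{
    /* Constructed sample policy and passwords. */
    const struct pw_policy pol = { 1, 1, 1, 1, "@ " };
    const char *samples[] = { "Tr0ub4dor&3", "alllowercase", "Has@Forbidden1", "NoDigits!" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-16s -> %d\n", samples[i], pw_check(samples[i], &pol));
    return 0;
}
```

In the default C locale, bytes of multi-byte UTF-8 characters fall into the special count here.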
In addition, the quality parameters can be read and modified through pqMessenger, a middleware that communicates with a JMS server. This allows these parameters to be managed without any particular system constraint (such as the need for system administrator intervention). It even allows a graphical user interface to be used for this purpose.
pqChecker can also broadcast the new password in real time, after its validation. This feature provides the ability to synchronize passwords stored in the OpenLDAP directory with other systems that use it (RDBMS, email servers, other LDAP servers, etc.). Password broadcasting is deactivated by default but can be activated with a simple setting.
The three functions (reading parameters, modifying parameters and broadcasting new passwords) are JNI-compatible. The pqMessenger middleware uses this mechanism to exchange this data with a JMS server.
pqChecker is free and open-source software. It is licensed under the GNU GPL v3+ license.