0

I have a NextCloud server which is connected to an openLDAP server. All users can change their passwords which should follow a password policy. For users which only have a NextCloud account, this works fine with the setting in NextCloud. However, most users have an openLDAP account. I followed this HowTo

https://kifarunix.com/implement-openldap-password-policies/

to set up the password policy in openLDAP. On the LDAP server itself it works (e.g. minimum of 10 characters). However, you can type in any password changing it via the NextCloud. In the NextCloud I use cn=admin to connect to the LDAP server.

Has anyone any idea why the password policy is ignored?

Best regards

Improve this question
1
  • I guess connection of the admin account is the problem, as I get the same result if I use the command line directly on the server.
    – Arne Fallisch
    Commented Jul 26, 2022 at 11:49

1 Answer 1

Reset to default
0

You cannot use the admin account to connect the NextCloud to the LDAP server because it circumvents your password policy. You need another user with special rights. I used an LDIF file containing this

dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: to dn.subtree="ou=people,o=suffix"
  by dn.exact=cn=nextcloud,dc=ldap,dc=quarep,dc=org manage
olcAccess: to attrs=userPassword
  by dn.exact=cn=nextcloud,dc=ldap,dc=quarep,dc=org manage
  by self write
  by anonymous auth
  by * none
olcAccess: to attrs=shadowLastChange
  by self write
  by * read
olcAccess: to * by * read

to grant the user nextcloud enough rights.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .