I'm trying to debug the default policy option. Here is a sample of my conf :
$ldap_url = "ldap://myldap.com";
$ldap_starttls = false;
$ldap_binddn = "cn=admin,dc=mydomain";
$ldap_bindpw = "pwd";
$ldap_base = "dc=mydomain";
$ldap_user_base = "ou=users,".$ldap_base;
$ldap_user_filter = "(objectClass=inetOrgPerson)";
$ldap_group_filter =
$ldap_size_limit = 100;
$ldap_default_ppolicy = "cn=default,ou=ppolicies,dc=mydomain";
dn: cn=default,ou=ppolicies,dc=mydomain
cn: default
objectClass: pwdPolicy
objectClass: pwdPolicyChecker
objectClass: device
objectClass: top
pwdAllowUserChange: TRUE
pwdAttribute: userPassword
pwdCheckQuality: 2
pwdCheckModule: pqchecker.so
pwdExpireWarning: 0
pwdFailureCountInterval: 0
pwdGraceAuthNLimit: 0
pwdInHistory: 0
pwdLockout: TRUE
pwdLockoutDuration: 7200
pwdMaxAge: 0
pwdMaxFailure: 5
pwdMinAge: 0
pwdMinLength: 8
pwdMustChange: FALSE
pwdSafeModify: FALSE
# Data format: 0|UULLDDSS@)..
# Or : 1|UULLDDSS@)..
#
# 1st character is the modified passwords broadcast flag. 1 -> Broadcast, 0 -> Don't broadcast
# 2nd character is a separator
# U: Uppercase, L: Lowercase, D: Digit, S: Special characters -> from 3rd to 10th charater.
# From the 11th character begins the list of forbidden characters
# Defaulti: No broadcast, 1 Uppercase, 1 Lowercase, 1 digit, 1 Special and no forbidden characters
# https://www.meddeb.net/pqchecker/?Idx=2
0|01010100
But if I reset a password from Service-Desk, It will accept anything (qwerty for my latest test).
In my ldap logs I can see there is a query for my password policy but that's all. And for service-desk, theses are my only logs :
PHP Notice: Undefined variable: smarty_compile_dir in /usr/share/service-desk/htdocs/index.php on line 38, referer: https://service-desk.url/index.php?page=display&dn=cn=testUserFirstName%20testUserName,ou=users,dc=domain&resetpasswordresult=passwordchanged
PHP Notice: Undefined variable: smarty_cache_dir in /usr/share/service-desk/htdocs/index.php on line 39, referer: https://service-desk.url/index.php?page=display&dn=cn=testUserFirstName%20testUserName,ou=users,dc=domain&resetpasswordresult=passwordchanged
172.20.0.6 - myuser [06/Dec/2020:16:40:35 +0100] "POST /index.php?page=resetpassword HTTP/1.1" 302 4737 "https://service-desk.url/index.php?page=display&dn=cn=testUserFirstName%20testUserName,ou=users,dc=domain&resetpasswordresult=passwordchanged" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:82.0) Gecko/20100101 Firefox/82.0"
PHP Notice: Undefined variable: smarty_compile_dir in /usr/share/service-desk/htdocs/index.php on line 38, referer: https://service-desk.url/index.php?page=display&dn=cn=testUserFirstName%20testUserName,ou=users,dc=domain&resetpasswordresult=passwordchanged
PHP Notice: Undefined variable: smarty_cache_dir in /usr/share/service-desk/htdocs/index.php on line 39, referer: https://service-desk.url/index.php?page=display&dn=cn=testUserFirstName%20testUserName,ou=users,dc=domain&resetpasswordresult=passwordchanged
172.20.0.6 - myuser [06/Dec/2020:16:40:35 +0100] "GET /index.php?page=display&dn=cn=testUserFirstName%20testUserName,ou=users,dc=domain&resetpasswordresult=passwordchanged HTTP/1.1" 200 2954 "https://service-desk.url/index.php?page=display&dn=cn=testUserFirstName%20testUserName,ou=users,dc=domain&resetpasswordresult=passwordchanged" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:82.0) Gecko/20100101 Firefox/82.0"