[PR #1024] [CLOSED] Adding regex to support basic complexity requirements. #1081

Closed
opened 2026-02-27 09:10:50 +03:00 by kerem · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/lldap/lldap/pull/1024
Author: @gplubeck
Created: 11/1/2024
Status: Closed

Base: main ← Head: main


📝 Commits (2)

  • c075f6e Adding regex to support basic complexity requirements.
  • be81535 adding password length requirement as well.

📊 Changes

2 files changed (+23 additions, -1 deletions)

View changed files

📝 app/Cargo.toml (+1 -0)
📝 app/src/components/change_password.rs (+22 -1)

📄 Description

There appear to be a number of requests for volunteer organizations or small businesses (521, 783, etc) that want basic password complexity. This pull request would add the ability to add pseudo-complex passwords. I know length is a better indicator for initial password and entropy for password changes, but government organizations have their rules.

I am also tracking this doesn't enforce it on the back-end, nor with creation of an account. This was purposeful as being an admin and creating an account with password or something easy to remember can be useful at times. Additionally if you are changing the password via the cli, you have enough access to do whatever you want and should be responsible for your actions.

What this pull request is missing:

  1. Not sure how lldap wants to support configuration. Right now this merely replaces the empty_or_long validation. Obviously this is not a good approach as it would be better implemented as a turn on when needed configuration. Open to suggestions for how lldap usually does this.

  2. Might be useful to add a database field for when passwords are changed. This could be used to ensure passwords have been changed after a breach. Additionally, for people like issue 783 they could update their clients to request the attribute if they really want. I am open to implementing this, but don't ever rust so would appreciate a push in the right direction.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
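
The description above talks about a length plus character-class check that would ideally be switched on by configuration. As an added example (not code from this pull request or from lldap; `PasswordPolicy`, `Unmet` and `check` are hypothetical names, and the standard library is used in place of a regex), one way to express such an opt-in policy so that it reports every unmet rule at once:

```rust
// Added illustration; not lldap's code and not the code from this pull request.
// PasswordPolicy, Unmet and check are hypothetical names.

/// All rules default to off (min_length 0, no classes required), so the
/// check is opt-in: a deployment turns on only the rules it needs.
#[derive(Debug, Clone, Default)]
pub struct PasswordPolicy {
    pub min_length: usize, // counted in characters, not bytes
    pub require_lower: bool,
    pub require_upper: bool,
    pub require_digit: bool,
    pub require_symbol: bool, // anything that is not a letter or digit
}

#[derive(Debug, PartialEq, Eq)]
pub enum Unmet {
    TooShort { min: usize, got: usize },
    Lower,
    Upper,
    Digit,
    Symbol,
}

impl PasswordPolicy {
    /// Returns every unmet rule, so a form can list them all at once.
    pub fn check(&self, password: &str) -> Vec<Unmet> {
        let mut unmet = Vec::new();
        let got = password.chars().count();
        if got < self.min_length {
            unmet.push(Unmet::TooShort { min: self.min_length, got });
        }
        let classes = [
            (self.require_lower, password.chars().any(char::is_lowercase), Unmet::Lower),
            (self.require_upper, password.chars().any(char::is_uppercase), Unmet::Upper),
            (self.require_digit, password.chars().any(char::is_numeric), Unmet::Digit),
            (self.require_symbol, password.chars().any(|c| !c.is_alphanumeric()), Unmet::Symbol),
        ];
        for (required, present, rule) in classes {
            if required && !present {
                unmet.push(rule);
            }
        }
        unmet
    }
}

fn main() {
    let policy = PasswordPolicy { min_length: 12, require_upper: true, require_digit: true, ..Default::default() };
    println!("{:?}", policy.check("password")); // constructed sample input
}
```

Because the function is pure and has no UI dependency, the same check can be called from a form validator and from a server-side handler.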
