I am trying to combine Active Directory password complexity requirements implemented in collective.pwexpiry with LDAP in Plone 4.3 (later I will try it with Plone 5).
I adapted all settings in configuration registry tool as described in the configuration and customization paragraph on the PyPi download page (and later also directly in the registry.xml). I got the script notify_and_expire.py running and that works fine for 15 days and other days that I added.
3 times trying to login with a wrong password results in a block and the unblock function works.
I implemented also this: Defining custom password validation methods.
The idea is that the default Plone password length check of 5 characters is replaced by this validator: check on min 8 characters plus minimum of special characters in it.
I used a copy of the example_validator.py and renamed that to password_validator.py and changed the classname inside it from ADPasswordValidator to MyPasswordValidator.
I added in configure.zcml (located in the same directory as example_validator.py and password_validator.py) this adapter as documented on PyPI.
My Plone 4.3 is configured that users can register themselves and define a own password.
Now the issues that I face (and i tried it by moving the plugins in different order for the various PAS functions like Authentication, User Adder, User Management and Challenge etcetera).
When a new user registers only password check on 5 characters works (that is the default of Plone).
Immediately after successful registration the system comes with Password Expired (strange). When a Reset is done (email with activate link is send) then I can login.
I also want users to force to change passwords and therefore the history is kept but also that is not working at all.
Finally I tried this all also on a clean Plone without LDAP, but without success..
Has somebody the same experience are found a solution or can give me some hints. Maybe a false configuration in the wrong configure.zcml file?
What position should the plugins have for the PAS functions?
Thanks for any suggestion.