Password rules?

[jm_phila]

I was looking to set up password complexity rules for my users so that I can open my Sugar CE 6.2.3 instance up for use outside my network, but I can't seem to find the settings. I see them documented in the CE 5.5 guide, but nowhere after. There are also remnants of it in the Change Password code, but nowhere to adjust settings.

It does look like this is available in the subscription versions. Is the feature (a pretty fundamentally necessary one) crippled in CE, or am I missing it?

[rafael.q.g@hotmail.com]

I also don't know where to configure that (whether it is possible).
But in cases LDAP autehtication is used, the password definition don't depends of sugar application, it is defined in external sources.

To have it on sugar (in case this feature isn't available) you could try one fo follow solutions:
- Update file /modules/Users/Save.php: In this file you could check the value was input for user's password, then you could make validations using PHP.
- Update file /modules/Users/Editview.tpl, here you could add a js function to be called before submit user's form. Then you can validate password complexity using js.

[jm_phila]

Thanks Rafael. I've run with this a bit and found that I can accomplish what I need by adding some logic to the "change_password" function in /modules/Users/User.php. However, this is not upgrade-safe, and I'd very much like it to be. I have tried creating a CustomUser class to extend User, but it doesn't appear to be called unless I add a /custom/Extension/application/Ext/Include/include.ext.php with the following:

PHP Code:

<?php
$beanList['Users'] = 'CustomUser';
$beanFiles['User'] = 'custom/modules/Users/CustomUser.php';
?>

That, unfortunately, appears to cause issues with MVC, among other things.

Any ideas for making this change upgrade-safe?

[jm_phila]

It seems that several password management features, though covered in CE documentation, are missing. I can't seem to find the "maximum number of login attempts" setting either.

Can anyone on the Sugar team let me know whether these settings are intentionally missing, or if there is something wrong with my Sugar instance?

[Angel]

The settings in question can be accessed via Admin > Password Management.

Note that the features for Pro and other commercial versions are more robust than those in CE. I am guessing the documentation is referring to features from Pro, although they don't exist in CE, hence part of the confusion.

[jm_phila]

Thanks Angel. I see the settings in Admin > Password Management. The "more robust" features are certainly missing.

So am I correct in assuming that though they appear in the documentation for several versions of CE, they are indeed only present in Pro?

[Angel]

That would be a correct assumption.