This plugin can be used to check your password against the HIBP API.
It is used in:
Browse the Manager web interface for this configuration.
You have to enable the local password policy in General Parameters > Portal > Customization > Password policy for the plugin to work:
Then enable the checkHIBP plugin in General Parameters > Advanced parameters > Security > Check HIBP API:
When enabled, /checkhibp route is added to LemonLDAP API. It will check new user passwords on Have I Been Pwned API and display a warning message if it is compromised.
Note
The URL parameter is mandatory, and there is no default value.