Forcing or recommending a certain level of entropy in passwords can reduce (debatable) your attack surface, and is a requirement of CWE-521: http://cwe.mitre.org/data/definitions/521.html
1) Minimum and maximum length
2) Require mixed character sets (alpha,numeric, special, mixed case)
3) Do not contain user name
5) No password reuse
These are easy to do logic-wise (except expiration, which may require a schema update). Avoiding dictionary based passwords like "secret" is a little harder to do well, but such simple passwords are anyway mitigated by the above 5 rules, and dictionary words have the advantage that they are easier to remember (when not using password keepers).
Suggestion: Add a password quality checker for eZ Platform, with configurable criteria, which informs the user of the quality level of their password, and/or refuses to accept passwords below a set threshold.
This can also run during login, so that passwords created before the checker was put in place will also be checked. Optionally it can enforce that bad passwords be changed immediately.