Forcing or recommending a certain level of entropy in passwords can reduce (debatable) your attack surface, and is a requirement of CWE-521: http://cwe.mitre.org/data/definitions/521.html
Minimum and maximum length (supported in eZ Platform now)
Require mixed character sets (alpha,numeric, special, mixed case) (supported in eZ Platform now)
3) Do not contain user name
Expiration (supported in eZ Platform now)
5) No password reuse
These are easy to do logic-wise. Avoiding dictionary based passwords like "secret" is a little harder to do well, but such simple passwords are anyway mitigated by the above 5 rules, and dictionary words have the advantage that they are easier to remember (when not using password keepers).
Suggestion: Add a password quality checker for eZ Platform, with configurable criteria, which informs the user of the quality level of their password, and/or refuses to accept passwords below a set threshold. (Note: Configurable criteria are implemented now)
This can also run during login, so that passwords created before the checker was put in place will also be checked. Optionally it can enforce that bad passwords be changed immediately.