What is this?

Notes for configuring pwdpolicy on openldap 2.4.

### loading the ppolicy schema is mostly not required on 2.4 - it is already loaded
# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/ppolicy.ldif

### let's create a new OU for policies
$ cat >polou.ldif<<EOF
dn: ou=policies,dc=fluxcoil,dc=net
objectClass: top
objectClass: organizationalUnit
ou: policies
description: My Organization policies come here
EOF
$ ldapadd -D cn=manager,dc=fluxcoil,dc=net -w secret -f polou.ldif

### load the ppolicy overlay module
$ cat >ppmodule.ldif<<EOF
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModuleLoad: ppolicy
EOF
$ ldapadd -Y EXTERNAL -H ldapi:/// -f ppmodule.ldif

### add the ppolicy overlay; our database here is bdb (olcDatabase={2}bdb), adjust the suffix if yours is hdb or mdb
$ cat >pwdpolicyoverlay.ldif<<EOF
dn: olcOverlay={0}ppolicy,olcDatabase={2}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: {0}ppolicy
olcPPolicyDefault: cn=default,ou=policies,dc=fluxcoil,dc=net
EOF
$ ldapadd -Y EXTERNAL -H ldapi:/// -f pwdpolicyoverlay.ldif

### add the default password policy (all durations are in seconds)
$ cat >passwordpolicy.ldif<<EOF
dn: cn=default,ou=policies,dc=fluxcoil,dc=net
cn: default
objectClass: pwdPolicy
objectClass: device
objectClass: top
# 2.5.4.35 is the OID of userPassword, the attribute this policy governs
pwdAttribute: 2.5.4.35
# 35 days maximum age, warn during the last 21 days (must be smaller than pwdMaxAge)
pwdMaxAge: 3024000
pwdExpireWarning: 1814400
pwdInHistory: 4
# 1 = check quality, but accept pre-hashed passwords that cannot be checked (2 would reject them)
pwdCheckQuality: 1
pwdMinLength: 9
# lock after 4 failures for 600 s (10 min); with interval 0 the failure count only resets on a successful bind
pwdMaxFailure: 4
pwdLockout: TRUE
pwdLockoutDuration: 600
pwdGraceAuthNLimit: 0
pwdFailureCountInterval: 0
# after an administrative reset (pwdReset) the user must change the password at the next bind
pwdMustChange: TRUE
pwdAllowUserChange: TRUE
pwdSafeModify: FALSE
EOF
$ ldapadd -D cn=manager,dc=fluxcoil,dc=net -w secret -f passwordpolicy.ldif

### verify config: the olcOverlay={0}ppolicy entry should show up under the database
$ ldapsearch -Y EXTERNAL -H ldapi:/// -b olcDatabase={2}bdb,cn=config
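Before loading passwordpolicy.ldif it is worth checking the values against the meaning slapo-ppolicy gives them. This Python snippet is an added example, not from the page: it parses a constructed copy of the page's policy attributes, renders the second-valued ones as durations and flags combinations that are inconsistent or weaker than they read.

```python
from datetime import timedelta

# Constructed copy of the policy attributes from passwordpolicy.ldif on this page
POLICY_LDIF = """\
dn: cn=default,ou=policies,dc=fluxcoil,dc=net
pwdAttribute: 2.5.4.35
pwdMaxAge: 3024000
pwdExpireWarning: 1814400
pwdInHistory: 4
pwdCheckQuality: 1
pwdMinLength: 9
pwdMaxFailure: 4
pwdLockout: TRUE
pwdLockoutDuration: 600
pwdGraceAuthNLimit: 0
pwdFailureCountInterval: 0
pwdMustChange: TRUE
"""

def parse_ldif_entry(text):
    """Parse one LDIF entry into {attribute: [values]}; comments and blank lines are skipped."""
    entry = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip(), []).append(value.strip())
    return entry

def lint_policy(entry):
    """Return warnings for settings that are inconsistent or weaker than they look."""
    num = lambda attr: int(entry.get(attr, ["0"])[0])
    flag = lambda attr: entry.get(attr, ["FALSE"])[0].upper() == "TRUE"
    warnings = []
    if num("pwdMaxAge") and num("pwdExpireWarning") >= num("pwdMaxAge"):
        warnings.append("pwdExpireWarning must be shorter than pwdMaxAge")
    if flag("pwdLockout") and num("pwdMaxFailure") == 0:
        warnings.append("pwdLockout TRUE but pwdMaxFailure 0: accounts never lock")
    if flag("pwdLockout") and num("pwdLockoutDuration") == 0:
        warnings.append("pwdLockoutDuration 0: accounts stay locked until an admin clears pwdAccountLockedTime")
    if num("pwdCheckQuality") == 1:
        warnings.append("pwdCheckQuality 1: pre-hashed passwords bypass the quality check (2 would reject them)")
    return warnings

def durations(entry):
    """Render the second-valued attributes as human-readable timedeltas."""
    return {a: str(timedelta(seconds=int(entry[a][0]))) for a in
            ("pwdMaxAge", "pwdExpireWarning", "pwdLockoutDuration", "pwdFailureCountInterval") if a in entry}
```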
snippets/linux_quickshotsetups/ldap_auth_server_pwdpolicy.txt · Last modified: 2022/11/13 12:06 by 127.0.0.1