Search This Blog

Friday, 4 November 2016

Add Password Policy in LDAP

Step-1 : Enable ppolicy overlay
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/ppolicy.ldif

Step-2 Create file ppmodule.ldif load the pp module
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: ppolicy

Step-3 load the module ppmodule.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f ppmodule.ldif

Step-4 Prepare for Overlay Create file ppolicyoverlay.ldif
dn: olcOverlay={0}ppolicy,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: {0}ppolicy

Step-5 Add ppolicyoverlay.ldif using ldapadd commandb  
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f ppolicyoverlay.ldif

Note : this 5 steps are done only once before applying password policy, no need to repeat this everytime while creating password policy

Step-8 Create passwordpolicy.ldif for MyOrganization
dn: cn=MyOrgPPolicy,ou=Policies,dc=ldap,dc=com
cn: MyOrgPPolicy
objectClass: pwdPolicy
objectClass: device
objectClass: top
pwdAttribute: userPassword
pwdMaxAge: 3024000
pwdExpireWarning: 1814400
pwdInHistory: 4
pwdCheckQuality: 1
pwdMinLength: 9
pwdMaxFailure: 4
pwdLockout: TRUE
pwdLockoutDuration: 600
pwdGraceAuthNLimit: 0
pwdFailureCountInterval: 0
pwdMustChange: TRUE
pwdAllowUserChange: TRUE
pwdSafeModify: FALSE

Step-9 Add passwordpolicy.ldif in LDAP
ldapadd -D cn=admin,dc=ldap,dc=com -w password -f passwordpolicy.ldif

[ Your Policy named Default Policy is Applied , Remember You have To create OU named Policies defore adding this policy ]

-----------------------Apply policy to Users ---------------------

dn: cn=purval,ou=Users,dc=ldap,dc=com changetype: modify add: pwdPolicySubentry pwdPolicySubentry: cn=MyorgPolicy,ou=Policies,dc=ldap,dc=com

---------------------- Remove Policy from User ----------------------------

dn: uid=purval,ou=People,dc=ldap,dc=com changetype: modify delete: pwdPolicySubentry

No comments:

Post a Comment

Switch between multiple PHP version in Ubuntu

If you have two php versions (e.g. PHP7.2 and PHP 5.6 ) installed in your ubuntu system. Switch from PHP 5.6 to PHP 7.2 =====> Apac...