Add Password Policy in LDAP

Step-1 : Add the ppolicy schema (required by the ppolicy overlay)
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/ppolicy.ldif

Step-2 Create file ppmodule.ldif to load the ppolicy module
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: ppolicy

Step-3 Load the module using ppmodule.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f ppmodule.ldif

Step-4 Prepare the overlay: create file ppolicyoverlay.ldif
# olcDatabase={1}hdb must match your database entry under cn=config
# (on newer installs it is usually olcDatabase={1}mdb)
dn: olcOverlay={0}ppolicy,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: {0}ppolicy


Step-5 Add ppolicyoverlay.ldif using the ldapadd command
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f ppolicyoverlay.ldif

Note : these 5 steps are done only once, before applying any password policy; there is no need to repeat them every time you create a password policy.


Step-8 Create passwordpolicy.ldif for MyOrganization
dn: cn=MyOrgPPolicy,ou=Policies,dc=ldap,dc=com
cn: MyOrgPPolicy
objectClass: pwdPolicy
objectClass: device
objectClass: top
pwdAttribute: userPassword
# password lifetime 35 days; warn users 21 days before expiry
pwdMaxAge: 3024000
pwdExpireWarning: 1814400
# remember the last 4 passwords so they cannot be reused
pwdInHistory: 4
# 1 = check quality when possible, accept if it cannot be checked (pre-hashed)
pwdCheckQuality: 1
pwdMinLength: 9
# lock the account for 600 seconds after 4 failed binds
pwdMaxFailure: 4
pwdLockout: TRUE
pwdLockoutDuration: 600
pwdGraceAuthNLimit: 0
# 0 = the failure counter is only reset by a successful bind, never by time
pwdFailureCountInterval: 0
pwdMustChange: TRUE
pwdAllowUserChange: TRUE
pwdSafeModify: FALSE

Step-9 Add passwordpolicy.ldif in LDAP (simple bind as the admin user)
ldapadd -x -D cn=admin,dc=ldap,dc=com -w password -f passwordpolicy.ldif
(use -W instead of -w password to be prompted, so the admin password does not end up in the shell history)


[ Your policy is now added. Remember: you have to create the OU named Policies before adding this policy ]

-----------------------Apply policy to Users ---------------------

(the pwdPolicySubentry value must be the DN of the policy entry created in Step-8; apply with ldapmodify as the admin user)

dn: cn=purval,ou=Users,dc=ldap,dc=com
changetype: modify
add: pwdPolicySubentry
pwdPolicySubentry: cn=MyOrgPPolicy,ou=Policies,dc=ldap,dc=com

---------------------- Remove Policy from User ----------------------------

dn: cn=purval,ou=Users,dc=ldap,dc=com
changetype: modify
delete: pwdPolicySubentry
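Once the policy is attached, the check a practitioner wants is whether it is actually in effect for each user: which accounts carry pwdPolicySubentry, which are currently locked out, and whose password is expired or inside the pwdExpireWarning window. The script below is an added example, not part of the original post; it assumes the thresholds of the MyOrgPPolicy entry above and reads a constructed ldapsearch LDIF dump of the ppolicy operational attributes (requested with the '+' attribute list) rather than querying a live server.

```python
from datetime import datetime, timedelta, timezone

# Thresholds from the MyOrgPPolicy entry above, in seconds.
PWD_MAX_AGE, PWD_EXPIRE_WARNING, PWD_LOCKOUT_DURATION = 3024000, 1814400, 600

# Constructed sample of what `ldapsearch ... '+' pwdPolicySubentry` returns; not real data.
SAMPLE_LDIF = """\
dn: cn=purval,ou=Users,dc=ldap,dc=com
pwdPolicySubentry: cn=MyOrgPPolicy,ou=Policies,dc=ldap,dc=com
pwdChangedTime: 20240101120000Z

dn: cn=alice,ou=Users,dc=ldap,dc=com
pwdPolicySubentry: cn=MyOrgPPolicy,ou=Policies,dc=ldap,dc=com
pwdChangedTime: 20240301120000Z
pwdAccountLockedTime: 20240315090000Z

dn: cn=bob,ou=Users,dc=ldap,dc=com
pwdChangedTime: 20240310120000Z
"""

def parse_ldif(text):
    """Split simple (unwrapped, unencoded) LDIF into {attr: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):      # blank line ends an entry
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr, []).append(value)
        entries.append(entry)
    return entries

def gtime(value):
    """Parse an LDAP GeneralizedTime such as 20240315090000Z (UTC)."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def audit(text, now_gtime):
    """Map each user DN to no-policy, locked, expired, expiring or ok."""
    now, report = gtime(now_gtime), {}
    for e in parse_ldif(text):
        dn, locked = e["dn"][0], e.get("pwdAccountLockedTime", [None])[0]
        if "pwdPolicySubentry" not in e:
            report[dn] = "no-policy"  # only a default policy could apply
        elif locked and (locked == "000001010000Z"  # permanent admin lock
                         or now - gtime(locked) < timedelta(seconds=PWD_LOCKOUT_DURATION)):
            report[dn] = "locked"     # pwdLockoutDuration has not elapsed
        else:
            age = (now - gtime(e["pwdChangedTime"][0])).total_seconds()
            report[dn] = ("expired" if age >= PWD_MAX_AGE else
                          "expiring" if age >= PWD_MAX_AGE - PWD_EXPIRE_WARNING else "ok")
    return report
```

A user reported as no-policy only gets a policy if olcPPolicyDefault is set on the overlay, which this post does not configure, so such accounts have no lockout or expiry at all.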

Comments

  1. Could you elaborate more on the following

    ----------------------Apply policy to Users ---------------------

    dn: cn=purval,ou=Users,dc=ldap,dc=com
    changetype: modify
    add: pwdPolicySubentry
    pwdPolicySubentry: cn=MyorgPolicy,ou=Policies,dc=ldap,dc=com
