Linux Programmer | RHCE | RHCSA


Friday 4 November 2016

Add Password Policy in LDAP

Step-1: Enable the ppolicy overlay by loading the ppolicy schema
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/ppolicy.ldif

Step-2: Create file ppmodule.ldif to load the ppolicy module
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: ppolicy

Step-3: Load the module using ppmodule.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f ppmodule.ldif

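Step-4: Prepare the overlay. Create file ppolicyoverlay.ldif (the olcDatabase RDN must match your own database entry; it is {1}hdb here, and newer installations typically use mdb instead)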
dn: olcOverlay={0}ppolicy,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: {0}ppolicy


Step-5: Add ppolicyoverlay.ldif using the ldapadd command
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f ppolicyoverlay.ldif

Note: these 5 steps are done only once, before applying a password policy. There is no need to repeat them every time you create a password policy.


Step-8: Create passwordpolicy.ldif for MyOrganization
dn: cn=MyOrgPPolicy,ou=Policies,dc=ldap,dc=com
cn: MyOrgPPolicy
objectClass: pwdPolicy
objectClass: device
objectClass: top
pwdAttribute: userPassword
pwdMaxAge: 3024000
pwdExpireWarning: 1814400
pwdInHistory: 4
pwdCheckQuality: 1
pwdMinLength: 9
pwdMaxFailure: 4
pwdLockout: TRUE
pwdLockoutDuration: 600
pwdGraceAuthNLimit: 0
pwdFailureCountInterval: 0
pwdMustChange: TRUE
pwdAllowUserChange: TRUE
pwdSafeModify: FALSE

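Step-9: Add passwordpolicy.ldif to LDAP (-x selects simple authentication, which binding as a DN with -D needs; using -W in place of -w prompts for the password and keeps it out of shell history and the process list)
ldapadd -x -D cn=admin,dc=ldap,dc=com -w password -f passwordpolicy.ldif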


[ Your policy, named Default Policy, is applied. Remember, you have to create an OU named Policies before adding this policy. ]

-----------------------Apply policy to Users ---------------------

dn: cn=purval,ou=Users,dc=ldap,dc=com
changetype: modify
add: pwdPolicySubentry
pwdPolicySubentry: cn=MyOrgPPolicy,ou=Policies,dc=ldap,dc=com

---------------------- Remove Policy from User ----------------------------

dn: uid=purval,ou=People,dc=ldap,dc=com
changetype: modify
delete: pwdPolicySubentry
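
The Step-8 values and a user's pwdPolicySubentry reference can be reviewed offline before anything is loaded into slapd. The script below is an added example, not part of the original post: parse_entry, days, same_dn and review are hypothetical helper names, and the mistyped subentry DN in the demo is constructed.

```python
# Added example, not from the original post. Values copied from Step-8 (abridged).
POLICY_LDIF = """\
dn: cn=MyOrgPPolicy,ou=Policies,dc=ldap,dc=com
pwdMaxAge: 3024000
pwdExpireWarning: 1814400
pwdCheckQuality: 1
pwdMinLength: 9
pwdFailureCountInterval: 0
pwdSafeModify: FALSE
"""

def parse_entry(ldif):
    """Parse one simple LDIF entry (no base64 values, no folded lines)."""
    entry = {}
    for line in ldif.splitlines():
        if line.strip():
            key, _, value = line.partition(":")
            entry[key.strip()] = value.strip()
    return entry

def days(seconds):
    return int(seconds) / 86400  # ppolicy durations are in seconds
def same_dn(a, b):
    """Compare simple DNs: case-insensitive, spaces around commas ignored."""
    def norm(dn):
        return ",".join(part.strip().lower() for part in dn.split(","))
    return norm(a) == norm(b)

def review(policy, subentry_dn):
    """Return the points a reviewer would raise before loading the policy."""
    notes = []
    if not same_dn(policy["dn"], subentry_dn):
        notes.append("pwdPolicySubentry does not name the policy entry")
    if int(policy["pwdExpireWarning"]) >= int(policy["pwdMaxAge"]):
        notes.append("pwdExpireWarning is not shorter than pwdMaxAge")
    if policy["pwdCheckQuality"] == "1":
        notes.append("pre-hashed passwords are accepted without the pwdMinLength check")
    if policy["pwdFailureCountInterval"] == "0":
        notes.append("failure counter is reset only by a successful bind")
    if policy["pwdSafeModify"] == "FALSE":
        notes.append("a password change does not require the old password")
    return notes

if __name__ == "__main__":
    p = parse_entry(POLICY_LDIF)
    print(f"expires after {days(p['pwdMaxAge']):g} days, warns {days(p['pwdExpireWarning']):g} days ahead")
    # Constructed, deliberately mistyped reference to show the DN check firing.
    for note in review(p, "cn=MyOrgPolicy,ou=Policies,dc=ldap,dc=com"):
        print("-", note)
```

Setting pwdCheckQuality to 2 makes the server refuse passwords it cannot check, and pwdSafeModify TRUE requires the old password on change.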







1 comment:

  1. Could you elaborate more on following

    ----------------------Apply policy to Users ---------------------

    dn: cn=purval,ou=Users,dc=ldap,dc=com
    changetype: modify
    add: pwdPolicySubentry
    pwdPolicySubentry: cn=MyorgPolicy,ou=Policies,dc=ldap,dc=com

