Linux Programmer | RHCE | RHCSA

Friday, 4 November 2016

Add Password Policy in LDAP

Step-1 : Load the ppolicy schema (first step in enabling the ppolicy overlay)
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/ppolicy.ldif

Step-2 Create file ppmodule.ldif to load the ppolicy module
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: ppolicy

Step-3 Load the module using ppmodule.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f ppmodule.ldif

Step-4 Prepare the overlay: create file ppolicyoverlay.ldif
dn: olcOverlay={0}ppolicy,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: {0}ppolicy


Step-5 Add ppolicyoverlay.ldif using the ldapadd command
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f ppolicyoverlay.ldif

Note: these 5 steps are done only once, before applying a password policy. There is no need to repeat them every time you create a password policy.


Step-8 Create passwordpolicy.ldif for MyOrganization
dn: cn=MyOrgPPolicy,ou=Policies,dc=ldap,dc=com
cn: MyOrgPPolicy
objectClass: pwdPolicy
objectClass: device
objectClass: top
pwdAttribute: userPassword
pwdMaxAge: 3024000
pwdExpireWarning: 1814400
pwdInHistory: 4
pwdCheckQuality: 1
pwdMinLength: 9
pwdMaxFailure: 4
pwdLockout: TRUE
pwdLockoutDuration: 600
pwdGraceAuthNLimit: 0
pwdFailureCountInterval: 0
pwdMustChange: TRUE
pwdAllowUserChange: TRUE
pwdSafeModify: FALSE

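Step-9 Add passwordpolicy.ldif in LDAP (-x selects simple bind, -W prompts for the admin password so it does not end up in shell history or the process list)
ldapadd -x -D cn=admin,dc=ldap,dc=com -W -f passwordpolicy.ldif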


[ Your policy named Default Policy is applied. Remember, you have to create an OU named Policies before adding this policy. ]

-----------------------Apply policy to Users ---------------------

dn: cn=purval,ou=Users,dc=ldap,dc=com
changetype: modify
add: pwdPolicySubentry
pwdPolicySubentry: cn=MyOrgPPolicy,ou=Policies,dc=ldap,dc=com

---------------------- Remove Policy from User ----------------------------

dn: uid=purval,ou=People,dc=ldap,dc=com
changetype: modify
delete: pwdPolicySubentry
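
A pre-flight check for the LDIF files in this procedure, added here as an example (it is not from the original post): it prints the policy's time values, which are stored in seconds, as days or minutes, and reports any pwdPolicySubentry value that does not match the DN of a pwdPolicy entry. The function names and the sample data, including the misspelled cn=MyorgPolicy reference, are made up for this example.

```shell
#!/bin/sh
# Constructed samples: the time-valued attributes from Step-8, and an "apply"
# LDIF whose pwdPolicySubentry is misspelled (cn=MyorgPolicy).
policy_ldif='dn: cn=MyOrgPPolicy,ou=Policies,dc=ldap,dc=com
objectClass: pwdPolicy
pwdMaxAge: 3024000
pwdExpireWarning: 1814400
pwdLockoutDuration: 600
pwdFailureCountInterval: 0'
apply_ldif='dn: cn=purval,ou=Users,dc=ldap,dc=com
changetype: modify
add: pwdPolicySubentry
pwdPolicySubentry: cn=MyorgPolicy,ou=Policies,dc=ldap,dc=com'

# Simplified DN normalisation: lower-case, no spaces around commas.
# (Does not handle escaped commas or other RFC 4514 corner cases.)
norm_dn() { tr '[:upper:]' '[:lower:]' | sed 's/ *, */,/g'; }

# Print the ppolicy time values (stored in seconds) in whole days or minutes.
policy_durations() {
  printf '%s\n' "$1" | awk -F': *' '
    $1 ~ /^pwd(MaxAge|MinAge|ExpireWarning)$/ { printf "%s=%dd\n", $1, $2 / 86400 }
    $1 ~ /^pwd(LockoutDuration|FailureCountInterval)$/ { printf "%s=%dm\n", $1, $2 / 60 }'
}

# Print normalised DNs of entries that carry objectClass: pwdPolicy.
policy_dns() {
  printf '%s\n' "$1" | awk '
    /^dn: / { dn = substr($0, 5) }
    tolower($0) == "objectclass: pwdpolicy" { print dn }' | norm_dn
}

# Print every pwdPolicySubentry value in $2 that names no policy entry in $1.
dangling_subentries() {
  known=$(policy_dns "$1")
  printf '%s\n' "$2" | sed -n 's/^pwdPolicySubentry: *//p' |
  while IFS= read -r ref; do
    n=$(printf '%s\n' "$ref" | norm_dn)
    printf '%s\n' "$known" | grep -qxF -- "$n" || printf '%s\n' "$ref"
  done
}

echo "Policy durations:";     policy_durations "$policy_ldif"
echo "Dangling policy refs:"; dangling_subentries "$policy_ldif" "$apply_ldif"
```

pwdFailureCountInterval=0m is not a zero-length window: per slapo-ppolicy(5), a value of 0 means the failure counter is reset only by a successful authentication.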







2 comments:

  1. Could you elaborate more on the following

    ----------------------Apply policy to Users ---------------------

    dn: cn=purval,ou=Users,dc=ldap,dc=com
    changetype: modify
    add: pwdPolicySubentry
    pwdPolicySubentry: cn=MyorgPolicy,ou=Policies,dc=ldap,dc=com
