Update README.md

This commit is contained in:
Marisa 2025-10-07 14:28:33 -04:00
parent dc50b23ffc
commit 12c66f5536

@ -622,6 +622,42 @@ root@example:/# ldapsearch -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w 123
```
This two commands are a little convoluted but what they're doing is, using ldapsearch and multiple grep, and only showing the number of times the user has entered the wrong password. In this case the user reimu tried to change the password using a wrong password twice.
### <ins>_Setup passwords complexity_</ins>
There are different levels of password complexity that comes with the policies module in openLDAP:
0: No quality checking. Any password is accepted, regardless of complexity.
1: Evaluates the password against its built-in quality checks but does not reject weak passwords. If the password fails (e.g., too short or too simple), it logs a warning but allows the change to proceed.
2: OpenLDAP strictly enforces password quality, rejecting weak passwords with "Constraint violation" errors and messages like "Password fails quality checking policy".
Minimum Password quality checking: length check of at least 56 characters, reject identical characters like aaaaaa or 111111
Setting up passwords complexity level:
```
root@example:/# vim update_policy_quality.ldif
dn: cn=default,ou=policies,dc=example,dc=com
changetype: modify
add: pwdCheckQuality
pwdCheckQuality: 2
```
Execute the .ldif file...
```
root@example:/# ldapmodify -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w 1234 -f update_policy_quality.ldif
modifying entry "cn=default,ou=policies,dc=example,dc=com"
```
We need to specify who we want to apply this new policy (change it from how it was by default before), let's use the user reimu
```
root@example:/# vim apply_policy_reimu.ldif
dn: uid=reimu,ou=Supergirls,dc=example,dc=com
changetype: modify
replace: pwdPolicySubentry
pwdPolicySubentry: cn=default,ou=policies,dc=example,dc=com
```
Execute the .ldif **replacing** the pwdPolicySubentry
```
root@example:/etc/ldap/slapd.d# ldapmodify -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w 1234 -f apply_policy_reimu.ldif
modifying entry "uid=reimu,ou=Supergirls,dc=example,dc=com"
```
## _Show Organizational Units, users, and attributes_
### <ins>_Show LDAP server directories with the data_</ins>
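Review bot: The descriptions of levels 1 and 2 under "Setup passwords complexity" do not match slapo-ppolicy(5). Both levels reject a password that fails the check. They differ only when the server cannot inspect the password, for example when the client sends it already hashed: level 1 accepts it, level 2 refuses it. Please reword "does not reject weak passwords" accordingly. In the "Minimum Password quality checking" line, "at least 56 characters" looks like a typo. The minimum length comes from pwdMinLength, which update_policy_quality.ldif never sets, so consider adding that attribute and stating the real value. Two smaller points: "add: pwdCheckQuality" fails if the attribute already exists on cn=default, so "replace:" would make the step repeatable, as apply_policy_reimu.ldif already does for pwdPolicySubentry. Both ldapmodify examples pass the admin password with "-w 1234", which leaves it in shell history and the process list; "-W" (prompt) or "-y <file>" avoids that.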