Update README.md

Marisa 2025-09-30 18:12:44 -04:00
parent 7f878e4a48
commit 4b6f46faeb


@ -475,18 +475,18 @@ Let's apply the following policy on the user reimu from the Organizational Unit
root@example:/# vim apply_policy_reimu.ldif
dn: uid=reimu,ou=Supergirls,dc=example,dc=com
changetype: modify
replace: pwdPolicySubentry
add: pwdPolicySubentry
pwdPolicySubentry: cn=default,ou=policies,dc=example,dc=com
```
And execute the apply_policy_reimu.ldif file
```
root@example:/# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f apply_policy_reimu.ldif
root@example:/# ldapmodify -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w 1234 -f apply_policy_reimu.ldif
modifying entry "uid=reimu,ou=Supergirls,dc=example,dc=com"
```
Run **again** the following taking note of the new hashed passwords
Run again the following command taking note of the new hashed passwords
```
root@example:/# slappasswd -s ying
{SSHA}QkBaHJh2CFSq9dup+Hiest9jnYMgVrll
{SSHA}q0/43n3/uhkmMC2hH9gIGUBqmjWRQHjv
```
Finally, create a new file reset_reimu_password.ldif and replace the userPassword with the correct hashed password
```
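Review bot: The new `ldapmodify -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w 1234` line puts the admin password on the command line, where it ends up in shell history and is visible in the process list. Use `-W` to prompt for it (or `-y` with a permission-restricted file), or keep the `-Q -Y EXTERNAL -H ldapi:///` form it replaces, which needs no password at all. Separately, switching `replace: pwdPolicySubentry` to `add: pwdPolicySubentry` makes the LDIF fail when reimu already has a policy assigned, whereas `replace` works in both cases; if `add` is intentional, the README should say it assumes no policy is set yet.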
@ -494,11 +494,11 @@ root@example:/# vim reset_reimu_password.ldif
dn: uid=reimu,ou=Supergirls,dc=example,dc=com
changetype: modify
replace: userPassword
userPassword: {SSHA}QkBaHJh2CFSq9dup+Hiest9jnYMgVrll
userPassword: {SSHA}q0/43n3/uhkmMC2hH9gIGUBqmjWRQHjv
```
Execute reset_reimu_password.ldif
```
root@example:/# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f reset_reimu_password.ldif
root@example:/# ldapmodify -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w 1234 -f reset_reimu_password.ldif
modifying entry "uid=reimu,ou=Supergirls,dc=example,dc=com"
```
\
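Review bot: The `ldapmodify -x -H ldap:/// ... -f reset_reimu_password.ldif` line does a simple bind over plain `ldap:///`, so a reader who copies it against a remote host sends both the admin password and the new `userPassword` value unencrypted. Add `-ZZ` to require StartTLS, or keep the `ldapi:///` socket form that this line replaces, and state in the text which of the two the tutorial expects.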
@ -506,12 +506,18 @@ First we could test try to change the password of reimu using reimu's password c
```
root@example:/# ldappasswd -x -H ldap:/// -D "uid=reimu,ou=Supergirls,dc=example,dc=com" -w ying -s yang "uid=reimu,ou=Supergirls,dc=example,dc=com"
```
If we receive no output, the password change was successful. <!--Let's check the pwdFailureTime and pwdAccountLockedTime-->
Now let's try changing the password, but with a wrong password. Using the same command as before should be enough.
If we receive no output, the password change was successful. User's reimu's old password was _ying_ and now the new password is _yang_.<!--Let's check the pwdFailureTime and pwdAccountLockedTime-->
Now let's try changing the password, but with a wrong password. Using the same command as before should be enough since we are trying to run a command as user reimu using the old password _ying_ when we just changed to _yang_.
```
root@example:/# ldappasswd -x -H ldap:/// -D "uid=reimu,ou=Supergirls,dc=example,dc=com" -w ying -s yang "uid=reimu,ou=Supergirls,dc=example,dc=com"
ldap_bind: Invalid credentials (49)
```
If we keep trying 2 times more with the wrong password, the user reimu will be locked out.
Before using 3 wrong passwords in a row and get the user blocked, let's try once again using the correct password, which is the new one _yang_:
```
root@example:/# ldappasswd -x -H ldap:/// -D "uid=reimu,ou=Supergirls,dc=example,dc=com" -w yang -s ying "uid=reimu,ou=S
upergirls,dc=example,dc=com"
```
As we see, we are getting no error, since the correct new password was _yang_ and we changed it back to _ying_ as it was from the beginning.
Now let's try using 3 wrong passwords in a row...
<!--ldappasswd -H ldap://server_domain_or_IP -x -D "cn=admin,dc=example,dc=com" -W -S "uid=bob,ou=people,dc=example,dc=com"-->
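Review bot: The unchanged sentence "If we keep trying 2 times more with the wrong password, the user reimu will be locked out." now sits directly before the new step that binds successfully with _yang_, and a successful bind clears the recorded failures, so the count of 2 no longer matches what follows. Move or reword that sentence so it agrees with the closing "3 wrong passwords in a row" line. The section also ends without showing the lockout; an `ldapsearch` for `pwdFailureTime` and `pwdAccountLockedTime`, as the commented-out note suggests, would let the reader confirm the policy took effect. Minor: "User's reimu's old password" should read "User reimu's old password".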