From 4b6f46faeb0c53eaf3f1a74b09fe3333eae7c67e Mon Sep 17 00:00:00 2001 From: Marisa Date: Tue, 30 Sep 2025 18:12:44 -0400 Subject: [PATCH] Update README.md --- README.md | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index ce67e4e..424d7e1 100644 --- a/README.md +++ b/README.md @@ -475,18 +475,18 @@ Let's apply the following policy on the user reimu from the Organizational Unit root@example:/# vim apply_policy_reimu.ldif dn: uid=reimu,ou=Supergirls,dc=example,dc=com changetype: modify -replace: pwdPolicySubentry +add: pwdPolicySubentry pwdPolicySubentry: cn=default,ou=policies,dc=example,dc=com ``` And execute the apply_policy_reimu.ldif file ``` -root@example:/# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f apply_policy_reimu.ldif +root@example:/# ldapmodify -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w 1234 -f apply_policy_reimu.ldif modifying entry "uid=reimu,ou=Supergirls,dc=example,dc=com" ``` -Run **again** the following taking note of the new hashed passwords +Run again the following command taking note of the new hashed passwords ``` root@example:/# slappasswd -s ying -{SSHA}QkBaHJh2CFSq9dup+Hiest9jnYMgVrll +{SSHA}q0/43n3/uhkmMC2hH9gIGUBqmjWRQHjv ``` Finally, create a new file reset_reimu_password.ldif and replace the userPassword with the correct hashed password ``` @@ -494,11 +494,11 @@ root@example:/# vim reset_reimu_password.ldif dn: uid=reimu,ou=Supergirls,dc=example,dc=com changetype: modify replace: userPassword -userPassword: {SSHA}QkBaHJh2CFSq9dup+Hiest9jnYMgVrll +userPassword: {SSHA}q0/43n3/uhkmMC2hH9gIGUBqmjWRQHjv ``` Execute reset_reimu_password.ldif ``` -root@example:/# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f reset_reimu_password.ldif +root@example:/# ldapmodify -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w 1234 -f reset_reimu_password.ldif modifying entry "uid=reimu,ou=Supergirls,dc=example,dc=com" ``` \ 
@@ -506,12 +506,18 @@ First we could test try to change the password of reimu using reimu's password c ``` root@example:/# ldappasswd -x -H ldap:/// -D "uid=reimu,ou=Supergirls,dc=example,dc=com" -w ying -s yang "uid=reimu,ou=Supergirls,dc=example,dc=com" ``` -If we receive no output, the password change was successful. -Now let's try changing the password, but with a wrong password. Using the same command as before should be enough. +If we receive no output, the password change was successful. User's reimu's old password was _ying_ and now the new password is _yang_. +Now let's try changing the password, but with a wrong password. Using the same command as before should be enough since we are trying to run a command as user reimu using the old password _ying_ when we just changed to _yang_. ``` root@example:/# ldappasswd -x -H ldap:/// -D "uid=reimu,ou=Supergirls,dc=example,dc=com" -w ying -s yang "uid=reimu,ou=Supergirls,dc=example,dc=com" ldap_bind: Invalid credentials (49) ``` -If we keep trying 2 times more with the wrong password, the user reimu will be locked out. +Before using 3 wrong passwords in a row and get the user blocked, let's try once again using the correct password, which is the new one _yang_: +``` +root@example:/# ldappasswd -x -H ldap:/// -D "uid=reimu,ou=Supergirls,dc=example,dc=com" -w yang -s ying "uid=reimu,ou=S +upergirls,dc=example,dc=com" +``` +As we see, we are getting no error, since the correct new password was _yang_ and we changed it back to _ying_ as it was from the beginning. +Now let's try using 3 wrong passwords in a row... \ No newline at end of file
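Review bot: In the first hunk (@@ -475), both ldapmodify invocations now put the directory admin password on the command line (`-w 1234`) and do a simple bind over plain `ldap:///`, where the removed lines used `-Q -Y EXTERNAL -H ldapi:///` and carried no secret at all. A `-w` value ends up in shell history and the process list, and the bind is sent unencrypted. Suggest keeping the ldapi/EXTERNAL form, or, if the walkthrough needs a simple bind, prompting with `-W` and adding `-ZZ` for StartTLS. Separately, `add: pwdPolicySubentry` fails when reimu already has that attribute, whereas `replace:` worked in both cases; if the switch is intentional, a sentence in the README saying why would help.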
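Review bot: The added ldappasswd command in the second hunk (@@ -506) is split across two lines in the middle of the DN (`"uid=reimu,ou=S` then `upergirls,dc=example,dc=com"`), so inside the code fence it renders and copies as two broken lines; put the whole command on one line. The hunk also ends on "Now let's try using 3 wrong passwords in a row..." with no command or expected output after it, while the removed sentence that stated the lockout outcome is gone, so the section no longer says what the reader should observe; either add the step with its result or keep the original sentence. Minor: "User's reimu's old password" should read "User reimu's old password", and the file still has no trailing newline.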