Update README.md
parent
7f878e4a48
commit
4b6f46faeb
24
README.md
@ -475,18 +475,18 @@ Let's apply the following policy on the user reimu from the Organizational Unit
|
|||||||
root@example:/# vim apply_policy_reimu.ldif
|
root@example:/# vim apply_policy_reimu.ldif
|
||||||
dn: uid=reimu,ou=Supergirls,dc=example,dc=com
|
dn: uid=reimu,ou=Supergirls,dc=example,dc=com
|
||||||
changetype: modify
|
changetype: modify
|
||||||
replace: pwdPolicySubentry
|
add: pwdPolicySubentry
|
||||||
pwdPolicySubentry: cn=default,ou=policies,dc=example,dc=com
|
pwdPolicySubentry: cn=default,ou=policies,dc=example,dc=com
|
||||||
```
|
```
|
||||||
And execute the apply_policy_reimu.ldif file
|
And execute the apply_policy_reimu.ldif file
|
||||||
```
|
```
|
||||||
root@example:/# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f apply_policy_reimu.ldif
|
root@example:/# ldapmodify -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w 1234 -f apply_policy_reimu.ldif
|
||||||
modifying entry "uid=reimu,ou=Supergirls,dc=example,dc=com"
|
modifying entry "uid=reimu,ou=Supergirls,dc=example,dc=com"
|
||||||
```
|
```
|
||||||
Run **again** the following taking note of the new hashed passwords
|
Run again the following command taking note of the new hashed passwords
|
||||||
```
|
```
|
||||||
root@example:/# slappasswd -s ying
|
root@example:/# slappasswd -s ying
|
||||||
{SSHA}QkBaHJh2CFSq9dup+Hiest9jnYMgVrll
|
{SSHA}q0/43n3/uhkmMC2hH9gIGUBqmjWRQHjv
|
||||||
```
|
```
|
||||||
Finally, create a new file reset_reimu_password.ldif and replace the userPassword with the correct hashed password
|
Finally, create a new file reset_reimu_password.ldif and replace the userPassword with the correct hashed password
|
||||||
```
|
```
|
||||||
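Review bot: The new `ldapmodify -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w 1234 -f apply_policy_reimu.ldif` line puts the admin bind password on the command line, where it ends up in shell history and the process list, and it sends a simple bind over plain `ldap:///`; the line it replaces (`-Q -Y EXTERNAL -H ldapi:///`) needed no password at all. If the simple bind is intentional, suggest `-W` (prompt) or `-y <passwordfile>` instead of `-w 1234`, plus `-ZZ` so the bind requires StartTLS. Separately, switching `replace: pwdPolicySubentry` to `add: pwdPolicySubentry` makes the LDIF fail for any reader whose entry already carries that attribute, while `replace:` works in both cases; worth a sentence in the README explaining why `add:` is wanted here.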
@ -494,11 +494,11 @@ root@example:/# vim reset_reimu_password.ldif
|
|||||||
dn: uid=reimu,ou=Supergirls,dc=example,dc=com
|
dn: uid=reimu,ou=Supergirls,dc=example,dc=com
|
||||||
changetype: modify
|
changetype: modify
|
||||||
replace: userPassword
|
replace: userPassword
|
||||||
userPassword: {SSHA}QkBaHJh2CFSq9dup+Hiest9jnYMgVrll
|
userPassword: {SSHA}q0/43n3/uhkmMC2hH9gIGUBqmjWRQHjv
|
||||||
```
|
```
|
||||||
Execute reset_reimu_password.ldif
|
Execute reset_reimu_password.ldif
|
||||||
```
|
```
|
||||||
root@example:/# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f reset_reimu_password.ldif
|
root@example:/# ldapmodify -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w 1234 -f reset_reimu_password.ldif
|
||||||
modifying entry "uid=reimu,ou=Supergirls,dc=example,dc=com"
|
modifying entry "uid=reimu,ou=Supergirls,dc=example,dc=com"
|
||||||
```
|
```
|
||||||
\
|
\
|
||||||
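Review bot: The hard-coded `userPassword: {SSHA}q0/43n3/uhkmMC2hH9gIGUBqmjWRQHjv` line will not match what a reader gets from their own `slappasswd -s ying` run, because SSHA is salted and the output differs on every invocation (this commit swapping one hash for another for the same password shows exactly that). Suggest a placeholder such as `userPassword: <output of slappasswd>` or a sentence telling the reader to paste their own value. The `ldapmodify ... -w 1234 -f reset_reimu_password.ldif` line in this hunk has the same command-line password exposure as the earlier one; `-W` or `-y <passwordfile>` would avoid it.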
@ -506,12 +506,18 @@ First we could test try to change the password of reimu using reimu's password c
|
|||||||
```
|
```
|
||||||
root@example:/# ldappasswd -x -H ldap:/// -D "uid=reimu,ou=Supergirls,dc=example,dc=com" -w ying -s yang "uid=reimu,ou=Supergirls,dc=example,dc=com"
|
root@example:/# ldappasswd -x -H ldap:/// -D "uid=reimu,ou=Supergirls,dc=example,dc=com" -w ying -s yang "uid=reimu,ou=Supergirls,dc=example,dc=com"
|
||||||
```
|
```
|
||||||
If we receive no output, the password change was successful. <!--Let's check the pwdFailureTime and pwdAccountLockedTime-->
|
If we receive no output, the password change was successful. User's reimu's old password was _ying_ and now the new password is _yang_.<!--Let's check the pwdFailureTime and pwdAccountLockedTime-->
|
||||||
Now let's try changing the password, but with a wrong password. Using the same command as before should be enough.
|
Now let's try changing the password, but with a wrong password. Using the same command as before should be enough since we are trying to run a command as user reimu using the old password _ying_ when we just changed to _yang_.
|
||||||
```
|
```
|
||||||
root@example:/# ldappasswd -x -H ldap:/// -D "uid=reimu,ou=Supergirls,dc=example,dc=com" -w ying -s yang "uid=reimu,ou=Supergirls,dc=example,dc=com"
|
root@example:/# ldappasswd -x -H ldap:/// -D "uid=reimu,ou=Supergirls,dc=example,dc=com" -w ying -s yang "uid=reimu,ou=Supergirls,dc=example,dc=com"
|
||||||
ldap_bind: Invalid credentials (49)
|
ldap_bind: Invalid credentials (49)
|
||||||
```
|
```
|
||||||
If we keep trying 2 times more with the wrong password, the user reimu will be locked out.
|
Before using 3 wrong passwords in a row and get the user blocked, let's try once again using the correct password, which is the new one _yang_:
|
||||||
|
```
|
||||||
|
root@example:/# ldappasswd -x -H ldap:/// -D "uid=reimu,ou=Supergirls,dc=example,dc=com" -w yang -s ying "uid=reimu,ou=S
|
||||||
|
upergirls,dc=example,dc=com"
|
||||||
|
```
|
||||||
|
As we see, we are getting no error, since the correct new password was _yang_ and we changed it back to _ying_ as it was from the beginning.
|
||||||
|
Now let's try using 3 wrong passwords in a row...
|
||||||
|
|
||||||
<!--ldappasswd -H ldap://server_domain_or_IP -x -D "cn=admin,dc=example,dc=com" -W -S "uid=bob,ou=people,dc=example,dc=com"-->
|
<!--ldappasswd -H ldap://server_domain_or_IP -x -D "cn=admin,dc=example,dc=com" -W -S "uid=bob,ou=people,dc=example,dc=com"-->
|
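Review bot: The added `ldappasswd ... -w yang -s ying` command is broken across two lines inside the code fence (`"uid=reimu,ou=S` then `upergirls,dc=example,dc=com"`), so copying it from the README gives an unterminated quoted DN; it should be a single line like the other `ldappasswd` examples. The section also now ends at "Now let's try using 3 wrong passwords in a row..." with no command or expected output after it, while the sentence it replaces at least stated the outcome (reimu gets locked out); suggest adding the three failing attempts and the resulting lockout message, or keeping the original sentence until that part is written. Wording nits in the added prose: "User's reimu's old password" should read "User reimu's old password", and "Before using 3 wrong passwords in a row and get the user blocked" should read "and getting the user blocked".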