Update README.md

Marisa 2025-09-30 18:12:44 -04:00
parent 7f878e4a48
commit 4b6f46faeb

@ -475,18 +475,18 @@ Let's apply the following policy on the user reimu from the Organizational Unit
root@example:/# vim apply_policy_reimu.ldif root@example:/# vim apply_policy_reimu.ldif
dn: uid=reimu,ou=Supergirls,dc=example,dc=com dn: uid=reimu,ou=Supergirls,dc=example,dc=com
changetype: modify changetype: modify
replace: pwdPolicySubentry add: pwdPolicySubentry
pwdPolicySubentry: cn=default,ou=policies,dc=example,dc=com pwdPolicySubentry: cn=default,ou=policies,dc=example,dc=com
``` ```
And execute the apply_policy_reimu.ldif file And execute the apply_policy_reimu.ldif file
``` ```
root@example:/# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f apply_policy_reimu.ldif root@example:/# ldapmodify -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w 1234 -f apply_policy_reimu.ldif
modifying entry "uid=reimu,ou=Supergirls,dc=example,dc=com" modifying entry "uid=reimu,ou=Supergirls,dc=example,dc=com"
``` ```
Run **again** the following taking note of the new hashed passwords Run again the following command taking note of the new hashed passwords
``` ```
root@example:/# slappasswd -s ying root@example:/# slappasswd -s ying
{SSHA}QkBaHJh2CFSq9dup+Hiest9jnYMgVrll {SSHA}q0/43n3/uhkmMC2hH9gIGUBqmjWRQHjv
``` ```
Finally, create a new file reset_reimu_password.ldif and replace the userPassword with the correct hashed password Finally, create a new file reset_reimu_password.ldif and replace the userPassword with the correct hashed password
``` ```
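Review bot: The new ldapmodify line binds as cn=admin with `-x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w 1234`, which puts the admin password in shell history and the process list and sends it in a simple bind over plain ldap:// with no TLS, where the previous `-Q -Y EXTERNAL -H ldapi:///` form carried no secret at all. If the README needs to show a simple bind, prompt for the password with `-W` (or read it from a file with `-y`) and require StartTLS with `-ZZ`; otherwise keep the ldapi:/// form. Separately, changing `replace: pwdPolicySubentry` to `add: pwdPolicySubentry` makes the LDIF fail on any entry that already has the attribute, since pwdPolicySubentry is single-valued, while `replace` works in both cases; either say in the text why `add` is needed or revert it.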
@ -494,11 +494,11 @@ root@example:/# vim reset_reimu_password.ldif
dn: uid=reimu,ou=Supergirls,dc=example,dc=com dn: uid=reimu,ou=Supergirls,dc=example,dc=com
changetype: modify changetype: modify
replace: userPassword replace: userPassword
userPassword: {SSHA}QkBaHJh2CFSq9dup+Hiest9jnYMgVrll userPassword: {SSHA}q0/43n3/uhkmMC2hH9gIGUBqmjWRQHjv
``` ```
Execute reset_reimu_password.ldif Execute reset_reimu_password.ldif
``` ```
root@example:/# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f reset_reimu_password.ldif root@example:/# ldapmodify -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w 1234 -f reset_reimu_password.ldif
modifying entry "uid=reimu,ou=Supergirls,dc=example,dc=com" modifying entry "uid=reimu,ou=Supergirls,dc=example,dc=com"
``` ```
\ \
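Review bot: The `userPassword: {SSHA}...` line is the output of one particular slappasswd run, and nothing in the text tells the reader that their own value will differ; the two sides of this diff already show two different hashes for the same password `ying`, because the salt is random. Use a placeholder there (for example "the hash printed by slappasswd in the previous step") or add a sentence saying the value will not match. The ldapmodify line in this hunk also passes the cn=admin password with `-w 1234` on the command line; `-W` avoids leaving it in shell history.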
@ -506,12 +506,18 @@ First we could test try to change the password of reimu using reimu's password c
``` ```
root@example:/# ldappasswd -x -H ldap:/// -D "uid=reimu,ou=Supergirls,dc=example,dc=com" -w ying -s yang "uid=reimu,ou=Supergirls,dc=example,dc=com" root@example:/# ldappasswd -x -H ldap:/// -D "uid=reimu,ou=Supergirls,dc=example,dc=com" -w ying -s yang "uid=reimu,ou=Supergirls,dc=example,dc=com"
``` ```
If we receive no output, the password change was successful. <!--Let's check the pwdFailureTime and pwdAccountLockedTime--> If we receive no output, the password change was successful. User's reimu's old password was _ying_ and now the new password is _yang_.<!--Let's check the pwdFailureTime and pwdAccountLockedTime-->
Now let's try changing the password, but with a wrong password. Using the same command as before should be enough. Now let's try changing the password, but with a wrong password. Using the same command as before should be enough since we are trying to run a command as user reimu using the old password _ying_ when we just changed to _yang_.
``` ```
root@example:/# ldappasswd -x -H ldap:/// -D "uid=reimu,ou=Supergirls,dc=example,dc=com" -w ying -s yang "uid=reimu,ou=Supergirls,dc=example,dc=com" root@example:/# ldappasswd -x -H ldap:/// -D "uid=reimu,ou=Supergirls,dc=example,dc=com" -w ying -s yang "uid=reimu,ou=Supergirls,dc=example,dc=com"
ldap_bind: Invalid credentials (49) ldap_bind: Invalid credentials (49)
``` ```
If we keep trying 2 times more with the wrong password, the user reimu will be locked out. Before using 3 wrong passwords in a row and get the user blocked, let's try once again using the correct password, which is the new one _yang_:
```
root@example:/# ldappasswd -x -H ldap:/// -D "uid=reimu,ou=Supergirls,dc=example,dc=com" -w yang -s ying "uid=reimu,ou=S
upergirls,dc=example,dc=com"
```
As we see, we are getting no error, since the correct new password was _yang_ and we changed it back to _ying_ as it was from the beginning.
Now let's try using 3 wrong passwords in a row...
<!--ldappasswd -H ldap://server_domain_or_IP -x -D "cn=admin,dc=example,dc=com" -W -S "uid=bob,ou=people,dc=example,dc=com"--> <!--ldappasswd -H ldap://server_domain_or_IP -x -D "cn=admin,dc=example,dc=com" -W -S "uid=bob,ou=people,dc=example,dc=com"-->
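Review bot: The added ldappasswd command is broken across two lines inside the quoted DN (`"uid=reimu,ou=S` then `upergirls,dc=example,dc=com"`), so it cannot be pasted as shown; put the whole command on one line. The section also now stops at "Now let's try using 3 wrong passwords in a row..." with no commands or expected output, while the removed sentence at least stated that two more failures lock reimu out; add the three failing attempts with their output and a check of pwdAccountLockedTime (already hinted at in the commented-out text) so the lockout is actually shown. Wording: "Before using 3 wrong passwords in a row and get the user blocked" should read "Before entering 3 wrong passwords in a row and getting the user locked out", and "User's reimu's old password" should be "User reimu's old password".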