Update README.md

This commit is contained in:
Marisa 2025-09-28 16:11:08 -04:00
parent ef3788fbb3
commit 4f90375cf0


@ -316,7 +316,7 @@ modifying entry "olcDatabase={1}mdb,cn=config"
```
If successful, the output will show the modified entry.
## _Password schemas_
## _Loading and enabling policies_
Since no policy overlays are loaded in slapd in the container, we need to load our own.
\
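Review bot: the new heading is an improvement, but the sentence under it, "we need to load our own", reads as if a custom overlay were being written; what the following steps load is the stock ppolicy.so that the next hunk's ls shows already shipped in the image, so "we need to load it ourselves" or "we need to load the one shipped in the image" is the accurate wording.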
@ -347,7 +347,7 @@ root@example:/# ls /usr/lib/ldap/ppolicy*
/usr/lib/ldap/ppolicy-2.5.so.0 /usr/lib/ldap/ppolicy-2.5.so.0.1.14 /usr/lib/ldap/ppolicy.la /usr/lib/ldap/ppolicy.so
```
Our LDAP server may not come loaded with the policies we need to apply features such as passwords schemas and ACLs (Access Control Lists), but the modules exists inside the container image.
We need to make use of schemas, which in large part exists in /usr/lib/ppolicy.so -since the module exists, we are going to create modify_ppolicy_module.ldif to be able to make use of it:
We need to make use of new schemas and **policies**, which in large part exists in /usr/lib/ppolicy.so -since the module exists, we are going to create modify_ppolicy_module.ldif to be able to make use of it:
```
root@example:/# vim modify_ppolicy_module.ldif
dn: cn=module{0},cn=config
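Review bot: both the old and the new wording of the second paragraph claim the module is needed for "schemas and ACLs", but ACLs are not provided by ppolicy.so; olcAccess is core slapd configuration and needs no module at all, so "and ACLs (Access Control Lists)" should be dropped from both sentences. The path is also wrong: the prose says /usr/lib/ppolicy.so while the ls output just above shows /usr/lib/ldap/ppolicy.so. Grammar while you are there: "the modules exists" should be "the module exists", and "which in large part exists in" should be "which in large part exist in".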
@ -380,7 +380,45 @@ olcModuleLoad: {0}back_mdb
olcModuleLoad: {1}ppolicy.so
```
Notice the addition of **olcModuleLoad: {1}ppolicy.so**. If we get a different result from the last command, we won't be able to enable the schemas or ACLs we need, and should check that we did input the right commands to reach this point, from the commands to run the container, if we started slapd with the right parameters, to the correct creation of the user administrator.
Notice the addition of **olcModuleLoad: {1}ppolicy.so**. If we get a different result from the last command, we won't be able to enable the schemas or ACLs we need, and should check that we did input the right commands to reach this point, from the commands to run the container, if we started slapd with the right parameters, to the correct creation of the user administrator.\
To enable our new schemas and policies, that is, to load our new module ppolicy.so in our openLDAP server, we need to restart it, we are going to do it manually (using grep it's optional):
```
root@example:/# kill $(pidof slapd)
root@example:/# ps ax | grep slap
30 pts/0 S+ 0:00 grep --color=auto slap
root@example:/# slapd -h "ldap:/// ldapi:///" -g openldap -u openldap -F /etc/ldap/slapd.d
root@example:/# ps ax | grep slap
32 ? Ssl 0:00 slapd -h ldap:/// ldapi:/// -g openldap -u openldap -F /etc/ldap/slapd.d
36 pts/0 S+ 0:00 grep --color=auto slap
```
Now that we restarted our openLDAP server, we can load the new module, so we create the following .ldif file:
```
root@example:/# vim enable_ppolicy.ldif
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: ppolicy
olcPPolicyDefault: cn=default,ou=policies,dc=example,dc=com
```
We load the module
```
root@example:/# ldapadd -Q -Y EXTERNAL -H ldapi:/// -f enable_ppolicy.ldif
adding new entry "olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config"
```
And then verify it is enabled
```
root@example:/# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=config "(objectclass=olcOverlayConfig)"
dn: olcOverlay={0}ppolicy,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: {0}ppolicy
olcPPolicyDefault: cn=default,ou=policies,dc=example,dc=com
```
If the same output was returned, we are done with creating and loading the policies module, and we can begin creating .ldif with our schemas.
## _Creating Passwords policies and schemas_
<!--ldappasswd -H ldap://server_domain_or_IP -x -D "cn=admin,dc=example,dc=com" -W -S "uid=bob,ou=people,dc=example,dc=com"-->
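Review bot: the restart at the top of this hunk (`kill $(pidof slapd)` followed by `slapd -h "ldap:/// ldapi:///" ...`) is not needed to make the module available: an olcModuleLoad added to cn=module{0},cn=config with ldapmodify is applied live by slapd, and the ldapsearch in the previous hunk already listing {1}ppolicy.so means the module loaded successfully, otherwise the modify would have been rejected. Either state why the restart is kept or drop it together with "To enable our new schemas and policies, that is, to load our new module ppolicy.so in our openLDAP server, we need to restart it". Two smaller points: "we can load the new module" and "We load the module" before the ldapadd describe adding an overlay instance to olcDatabase={1}mdb, not loading a module (that was the olcModuleLoad step), so "enable the overlay on the database" is clearer; and olcPPolicyDefault points at cn=default,ou=policies,dc=example,dc=com, which has not been created at this point, so the text should say the default policy has no effect until that entry is added in the next section. Finally, the ps output showing "grep --color=auto slap" is what "(using grep it's optional)" hints at; `pgrep slapd` avoids matching the grep process itself and is easier to read than `ps ax | grep slap`.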