Update README.md

Marisa 2025-10-07 15:26:47 -04:00
parent 2116858ee3
commit 62511398f7

@ -640,12 +640,27 @@ changetype: modify
add: pwdCheckQuality add: pwdCheckQuality
pwdCheckQuality: 2 pwdCheckQuality: 2
``` ```
Execute the .ldif file... Execute the update_policy_quality.ldif file...
``` ```
root@example:/# ldapmodify -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w 1234 -f update_policy_quality.ldif root@example:/# ldapmodify -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w 1234 -f update_policy_quality.ldif
modifying entry "cn=default,ou=policies,dc=example,dc=com" modifying entry "cn=default,ou=policies,dc=example,dc=com"
``` ```
We need to specify who we want to apply this new policy (change it from how it was by default before), let's use the user reimu While we are setting up the password complexity level, we can learn how to set the password minimum length since it's similar:
```
root@example:/# vim update_policy_minlength.ldif
dn: cn=default,ou=policies,dc=example,dc=com
changetype: modify
replace: pwdMinLength
pwdMinLength: 10
```
The attribute pwdMinLength being the password minimum characters.
Now execute the update_policy_minlength.ldif file...
```
root@example:/# ldapmodify -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w 1234 -f update_policy_minlength.ldif
modifying entry "cn=default,ou=policies,dc=example,dc=com"
```
<!--We need to specify who we want to apply this new policy (change it from how it was by default before), let's use the user reimu
``` ```
root@example:/# vim apply_policy_reimu.ldif root@example:/# vim apply_policy_reimu.ldif
dn: uid=reimu,ou=Supergirls,dc=example,dc=com dn: uid=reimu,ou=Supergirls,dc=example,dc=com
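Review bot: The added sentence after the update_policy_minlength.ldif block, "The attribute pwdMinLength being the password minimum characters.", is a fragment and does not relate the new setting to the pwdCheckQuality: 2 configured just above it; suggest "pwdMinLength is the minimum number of characters a new password must have" plus a line on how the two settings interact. The added ldapmodify line repeats -w 1234, which leaves the admin bind password in shell history and the process list; -W (prompt) or -y with a password file is the safer pattern to show. The `<!--` opened before "We need to specify who we want to apply this new policy" hides the pwdPolicySubentry step while the tests that follow still bind as reimu, so either say why that step is no longer needed or delete the section rather than commenting it out.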
@ -658,15 +673,25 @@ Execute the .ldif **replacing** the pwdPolicySubentry for the user reimu
root@example:/etc/ldap/slapd.d# ldapmodify -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w 1234 -f apply_policy_reimu.ldif root@example:/etc/ldap/slapd.d# ldapmodify -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w 1234 -f apply_policy_reimu.ldif
modifying entry "uid=reimu,ou=Supergirls,dc=example,dc=com" modifying entry "uid=reimu,ou=Supergirls,dc=example,dc=com"
``` ```
-->
Now let's try changing the password to one too easy, _newreimupass_ being the user's password and _weak_ the newpassword: Now let's try changing the password to one too easy, _newreimupass_ being the user's password and _weak_ the newpassword:
``` ```
root@example:/# # ldappasswd -x -H ldap:/// -D "uid=reimu,ou=Supergirls,dc=example,dc=com" -w newreimupass -s weak "uid=reimu,ou=Supergirls,dc=example,dc=com" root@example:/# # ldappasswd -x -H ldap:/// -D "uid=reimu,ou=Supergirls,dc=example,dc=com" -w newreimupass -s weak "uid=reimu,ou=Supergirls,dc=example,dc=com"
Result: Constraint violation (19) Result: Constraint violation (19)
``` ```
We get an "Constraint violation" error, meaning the new password did not comply with the minimum requirements, and since we setup the pwdPolicyQuality to 2, it got rejected. We get an "Constraint violation" error, meaning the new password did not comply with the minimum requirements, and since we setup the pwdPolicyQuality to 2, it got rejected.
Let's try changing the password to one too short, _reimupass_ being the user's password, to _reimu_ being the newpassword:
```
root@example:/etc/ldap/slapd.d# ldappasswd -x -H ldap:/// -D "uid=reimu,ou=Supergirls,dc=example,dc=com" -w reimupass -s reimu "uid=reimu,ou=Supergirls,dc=example,dc=com"
Result: Constraint violation (19)
```
We get again a "Constraint violation" error, the new password did not comply with the minimum requirements, this time the pwdMinLength being 10 as we defined in update_policy_minlength.ldif.
\ \
Note that getting a constraint violation while trying to change a password, **does not add a pwdFailureTime attribute entry to the user**, as if we would try to do something with the user, like changing some attribute, using the wrong original password. Note that getting a constraint violation while trying to change a password, **does not add a pwdFailureTime attribute entry to the user**, as if we would try to do something with the user, like changing some attribute, using the wrong original password.
## _Show Organizational Units, users, and attributes_ ## _Show Organizational Units, users, and attributes_
### <ins>_Show LDAP server directories with the data_</ins> ### <ins>_Show LDAP server directories with the data_</ins>
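Review bot: In the added "too short" test, the new password reimu and the earlier new password weak are both under the 10 characters set by pwdMinLength, so the two "Constraint violation (19)" results cannot be attributed to different settings the way the surrounding text does. Pick test passwords that differ only in the property under test, or state that either rule may have triggered the rejection. The added command binds with -w reimupass where the previous example uses -w newreimupass, and the prompt changes from /# to /etc/ldap/slapd.d#; make the two examples consistent. The explanation also names pwdPolicyQuality, while the attribute set earlier is pwdCheckQuality.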