Update README.md
parent a956d46a86
commit 7f878e4a48
23 README.md
@ -275,7 +275,7 @@ uidNumber: 1001
gidNumber: 5000
homeDirectory: /home/marisa
```
<!--
### <ins>_Reset root password_</ins>
Build line by line, the **.ldif** file we will need to reset root password, starting with the following command:
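Review bot: wrapping the "Reset root password" subsection in an HTML comment (the `<!--` opened at the top of this hunk and closed in the next one) hides it from the rendered README but leaves the whole procedure in the source, where it will silently go stale. Either delete the subsection or keep it rendered; if it is being parked because the container already ships with a usable root password, say so in one line where the `<!--` is, so the next editor does not reopen it.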
@ -315,8 +315,9 @@ root@example:/etc/ldap# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f chrootpw.ldif
modifying entry "olcDatabase={1}mdb,cn=config"
```
If successful, the output will show the modified entry.
-->
## _Loading and enabling policies_
## _Loading and enabling modules_
Since no policy overlays are loaded in slapd in the container, we need to load our own.
\
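Review bot: the heading change from "Loading and enabling policies" to "Loading and enabling modules" now disagrees with its own first sentence ("Since no policy overlays are loaded in slapd in the container, we need to load our own") and with the closing sentence of the next hunk, which still says "the policies module". In OpenLDAP the ppolicy code is loaded as a module (olcModuleLoad) and then enabled as an overlay on the database (olcOverlay), which is what the olcPPolicyDefault context line later in the diff is configuring, so a heading such as "Loading the ppolicy module and enabling the overlay" would cover both steps; whichever term is chosen, use it consistently in the body. The trailing `\` after the paragraph is a markdown hard line break and looks unintentional.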
@ -419,7 +420,7 @@ olcPPolicyDefault: cn=default,ou=policies,dc=example,dc=com
```
If the same output was returned, we are done with creating and loading the policies module, and we can begin creating .ldif with our schemas.
## _Creating Passwords policies and schemas_
## _Setting up passwords policies, schemas, and ACLs_
First of all, update our openLDAP ACL (Acess Control List) so we can have SASL EXTERNAL perms for the Linux openLDAP user, "openldap", so it can enforce all the following rules we are going to create.
Create the file update_acl.ldif with the following content:
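Review bot: "Acess" should be "Access", and "passwords policies" in the new heading should be "password policies". More importantly, the sentence introducing update_acl.ldif overstates what an ACL does: an olcAccess rule gives the identity that slapd maps from the local "openldap" user over ldapi (SASL EXTERNAL) permission to read and write entries; it does not "enforce" the password policy, which is the job of the ppolicy overlay and applies no matter who binds. Rewrite the lead-in to state which access level the rule grants (for example manage) and to which DN, so a reader can check the rule instead of copying it blindly.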
@ -467,7 +468,7 @@ userPassword: {SSHA}cgT... # Generate with: slappasswd -s yang
```
That's a lot of data, but it creates our Supergirls directory, and with it the users reimu and marisa.
### <ins>_Blocking user access with user's password after 3 tries_</ins>
### <ins>_Blocking user access after 3 wrong tries_</ins>
Let's apply the following policy on the user reimu from the Organizational Unit Supergirls: after failing to interact in any way with the LDAP server using the user's wrong password, the LDAP server with block the user and it will disabled of any action until an administrator unlocks it.
```
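Review bot: the context line `userPassword: {SSHA}cgT... # Generate with: slappasswd -s yang` is not a comment in LDIF; `#` only starts a comment at the beginning of a line, so anyone who pastes this as-is stores the literal text `{SSHA}cgT... # Generate with: slappasswd -s yang` as the password value and the bind with the intended password fails. Move the hint to its own `# ...` line above the attribute and show a complete hash. The policy paragraph also needs the number the new heading promises: it says the server will lock the user "after failing to interact in any way" without saying after how many failures. State the attribute values that implement it (pwdMaxFailure 3 with pwdLockout TRUE, and pwdLockoutDuration 0 for "until an administrator unlocks it"), and fix "the LDAP server with block the user and it will disabled of any action", which should read "the LDAP server will lock the account, and it cannot perform any action until an administrator unlocks it".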
@ -500,7 +501,17 @@ Execute reset_reimu_password.ldif
root@example:/# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f reset_reimu_password.ldif
modifying entry "uid=reimu,ou=Supergirls,dc=example,dc=com"
```
\
First we could test try to change the password of reimu using reimu's password correctly:
```
root@example:/# ldappasswd -x -H ldap:/// -D "uid=reimu,ou=Supergirls,dc=example,dc=com" -w ying -s yang "uid=reimu,ou=Supergirls,dc=example,dc=com"
```
If we receive no output, the password change was successful. <!--Let's check the pwdFailureTime and pwdAccountLockedTime-->
Now let's try changing the password, but with a wrong password. Using the same command as before should be enough.
```
root@example:/# ldappasswd -x -H ldap:/// -D "uid=reimu,ou=Supergirls,dc=example,dc=com" -w ying -s yang "uid=reimu,ou=Supergirls,dc=example,dc=com"
ldap_bind: Invalid credentials (49)
```
If we keep trying 2 times more with the wrong password, the user reimu will be locked out.
<!--ldappasswd -H ldap://server_domain_or_IP -x -D "cn=admin,dc=example,dc=com" -W -S "uid=bob,ou=people,dc=example,dc=com"-->
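Review bot: the "wrong password" step runs exactly the same command as the successful one, `-w ying -s yang`; it fails only because the first call already changed reimu's password from ying to yang, so ying is now the wrong password. Say that explicitly, otherwise a reader who runs the first command twice sees "Invalid credentials (49)" and draws the wrong conclusion. Two things this hunk still lacks: a locked account also answers a correct bind with "Invalid credentials (49)", so "the user reimu will be locked out" cannot be verified from the client side as written; show an administrative ldapsearch over ldapi for pwdFailureTime and pwdAccountLockedTime on uid=reimu (the commented-out "Let's check the pwdFailureTime and pwdAccountLockedTime" note is the right idea) and how to delete pwdAccountLockedTime to unlock the user. Also, `-w ying` puts the password into the process list and shell history; a tutorial about password policy should prefer `-W` and prompt for it. "First we could test try to change the password of reimu using reimu's password correctly" should read "First, test changing reimu's password using the correct current password".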