From 7f878e4a48555d88cf0a201b5575ffa4c40a4bc0 Mon Sep 17 00:00:00 2001 From: Marisa Date: Tue, 30 Sep 2025 17:39:02 -0400 Subject: [PATCH] Update README.md --- README.md | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 4d6522d..ce67e4e 100644 --- a/README.md +++ b/README.md @@ -275,7 +275,7 @@ uidNumber: 1001 gidNumber: 5000 homeDirectory: /home/marisa ``` - + -## _Loading and enabling policies_ +## _Loading and enabling modules_ Since no policy overlays are loaded in slapd in the container, we need to load our own. \ @@ -419,7 +420,7 @@ olcPPolicyDefault: cn=default,ou=policies,dc=example,dc=com ``` If the same output was returned, we are done with creating and loading the policies module, and we can begin creating .ldif with our schemas. -## _Creating Passwords policies and schemas_ +## _Setting up passwords policies, schemas, and ACLs_ First of all, update our openLDAP ACL (Acess Control List) so we can have SASL EXTERNAL perms for the Linux openLDAP user, "openldap", so it can enforce all the following rules we are going to create. Create the file update_acl.ldif with the following content: @@ -467,7 +468,7 @@ userPassword: {SSHA}cgT... # Generate with: slappasswd -s yang ``` That's a lot of data, but it creates our Supergirls directory, and with it the users reimu and marisa. -### _Blocking user access with user's password after 3 tries_ +### _Blocking user access after 3 wrong tries_ Let's apply the following policy on the user reimu from the Organizational Unit Supergirls: after failing to interact in any way with the LDAP server using the user's wrong password, the LDAP server with block the user and it will disabled of any action until an administrator unlocks it. ``` 
@@ -500,7 +501,17 @@ Execute reset_reimu_password.ldif root@example:/# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f reset_reimu_password.ldif modifying entry "uid=reimu,ou=Supergirls,dc=example,dc=com" ``` - - +\ +First we could test try to change the password of reimu using reimu's password correctly: +``` +root@example:/# ldappasswd -x -H ldap:/// -D "uid=reimu,ou=Supergirls,dc=example,dc=com" -w ying -s yang "uid=reimu,ou=Supergirls,dc=example,dc=com" +``` +If we receive no output, the password change was successful. +Now let's try changing the password, but with a wrong password. Using the same command as before should be enough. +``` +root@example:/# ldappasswd -x -H ldap:/// -D "uid=reimu,ou=Supergirls,dc=example,dc=com" -w ying -s yang "uid=reimu,ou=Supergirls,dc=example,dc=com" +ldap_bind: Invalid credentials (49) +``` +If we keep trying 2 times more with the wrong password, the user reimu will be locked out. \ No newline at end of file
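Review bot: In the first hunk (`@@ -275,7`) the heading changes from "Loading and enabling policies" to "Loading and enabling modules", but the body under it still says "no policy overlays are loaded in slapd in the container, we need to load our own", and the next hunk's unchanged context still says "we are done with creating and loading the policies module". The new wording "modules" is more generic than what the section actually does; a heading such as "Loading and enabling the policy module" would match both sentences without further edits. Separately, this hunk replaces a line containing a single space with an empty line, which is fine as a whitespace cleanup but is unrelated to the rename and could be mentioned in the commit message.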
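Review bot: In the second hunk (`@@ -419,7`) the new heading "Setting up passwords policies, schemas, and ACLs" should read "password policies" (singular noun as modifier). Since this line is already being touched, the unchanged context line immediately below it carries the typo "Acess Control List" (should be "Access Control List"); fixing it in the same change would keep the section clean.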
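Review bot: In the third hunk (`@@ -467,7`) the heading now promises "Blocking user access after 3 wrong tries", but the sentence that follows in the unchanged context is hard to read ("the LDAP server with block the user and it will disabled of any action until an administrator unlocks it"). Suggest rewording to something like "after three consecutive bind attempts with the wrong password, the server locks the account and rejects all operations as that user until an administrator unlocks it", and double-check that "3" matches the failure count configured in the policy entry (the ppolicy attribute that controls this is pwdMaxFailure), since the policy definition is not visible in this diff.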
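Review bot: In the fourth hunk (`@@ -500,7`) the walkthrough does not explain why the second ldappasswd call fails. The first command binds with `-w ying` and sets the new password to `yang`, so it succeeds; the second command is byte-for-byte identical, and it fails with "Invalid credentials (49)" only because the password is now `yang` and `ying` has become the wrong one. As written, "Using the same command as before should be enough" reads as if the command itself were broken. Suggest stating explicitly that the password was changed to `yang` in the previous step, so re-using `-w ying` is now a wrong-password attempt (or bind with an obviously wrong value to make the test independent of the previous step). Two smaller points: "First we could test try to change the password" should be "First, let's try to change the password", and the closing sentence could say how the reader confirms the lockout and how an administrator clears it, since the earlier text only says "until an administrator unlocks it". Finally, the file now ends with "\ No newline at end of file"; please add the trailing newline.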