Update INSTALL.md
parent 33d86b72de
commit 855ec0a26c
69 INSTALL.md
@ -81,3 +81,72 @@ root@example:/# ldapadd -Q -Y EXTERNAL -H ldapi:/// -f enable_ppolicy.ldif
|
|||||||
adding new entry "olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config"
|
adding new entry "olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config"
|
||||||
```
|
```
|
||||||
The policies module has been loaded and we can begin to configure password schemas and ACLs.
|
The policies module has been loaded and we can begin to configure password schemas and ACLs.
|
||||||
|
|
||||||
|
## _4- Configure default passwod policies_
|
||||||
|
|
||||||
|
Create a basic overlay of your password policies, run this command, copy-paste the content then press enter to run it automatically. Go back to the shell with CTRL+C.
|
||||||
|
```
|
||||||
|
root@example:/# ldapadd -x -D "cn=admin,dc=example,dc=com" -w admin -H ldapi:///
|
||||||
|
dn: cn=default,ou=policies,dc=example,dc=com
|
||||||
|
objectClass: pwdPolicy
|
||||||
|
objectClass: organizationalRole
|
||||||
|
cn: default
|
||||||
|
pwdAttribute: userPassword
|
||||||
|
pwdMinLength: 8
|
||||||
|
pwdCheckQuality: 2
|
||||||
|
|
||||||
|
adding new entry "cn=default,ou=policies,dc=example,dc=com"
|
||||||
|
|
||||||
|
^C
|
||||||
|
```
|
||||||
|
Attributes you can change for example, pwdMinLength, pwdMaxFailure, pwdMaxAge, etc.
|
||||||
|
\
|
||||||
|
\
|
||||||
|
In order to enforce our password configuration we need something to control.
|
||||||
|
Copy the command, and copy-paste the content, press enter to exec, you can escape with CTRL+C.
|
||||||
|
```
|
||||||
|
# ldapadd -x -D "cn=admin,dc=example,dc=com" -w admin -H ldapi:///
|
||||||
|
dn: ou=Supergirls,dc=example,dc=com
|
||||||
|
objectClass: organizationalUnit
|
||||||
|
ou: Supergirls
|
||||||
|
|
||||||
|
adding new entry "ou=Supergirls,dc=example,dc=com"
|
||||||
|
^C
|
||||||
|
```
|
||||||
|
Create a password hash for the user marisa
|
||||||
|
```
|
||||||
|
root@example:/etc/ldap/slapd.d# slappasswd -s qwerty
|
||||||
|
{SSHA}fgEXXr2J08jTVfgyOnkRL2I1JNL4Bp5V
|
||||||
|
```
|
||||||
|
Copy-paste all this attributes after the command, remember to write down the hashed password correctly.
|
||||||
|
```
|
||||||
|
root@example:/etc/ldap/slapd.d# ldapadd -x -D "cn=admin,dc=example,dc=com" -w admin -H ldapi:///
|
||||||
|
dn: uid=marisa,ou=Supergirls,dc=example,dc=com
|
||||||
|
objectClass: inetOrgPerson
|
||||||
|
objectClass: posixAccount
|
||||||
|
cn: Marisa
|
||||||
|
sn: Kirisame
|
||||||
|
givenName: Marisa
|
||||||
|
displayName: Marisa Kirisame
|
||||||
|
uid: marisa
|
||||||
|
uidNumber: 1001
|
||||||
|
gidNumber: 5000
|
||||||
|
homeDirectory: /home/marisa
|
||||||
|
loginShell: /bin/bash
|
||||||
|
userPassword: {SSHA}fgEXXr2J08jTVfgyOnkRL2I1JNL4Bp5V
|
||||||
|
mail: marisa@example.com
|
||||||
|
|
||||||
|
adding new entry "uid=marisa,ou=Supergirls,dc=example,dc=com"
|
||||||
|
^C
|
||||||
|
```
|
||||||
|
marisa and all users added to Supergirls will respect the password default policies, you can check it out, example:
|
||||||
|
```
|
||||||
|
root@example:/etc/ldap/slapd.d# ldappasswd -x -w qwerty -H ldapi:/// -D "uid=marisa,ou=Supergirls,dc=example,dc=com" -s marisakirisame
|
||||||
|
Result: Constraint violation (19)
|
||||||
|
Additional info: Password fails quality checking policy
|
||||||
|
```
|
||||||
|
Password rejected because we established before pwdMinLength was 8.
|
||||||
|
```
|
||||||
|
root@example:/etc/ldap/slapd.d# ldappasswd -x -w qwerty -H ldapi:/// -D "uid=marisa,ou=Supergirls,dc=example,dc=com" -s kirisame
|
||||||
|
```
|
||||||
|
"kirisame" is accepted because it's within 8 length characters.
|
||||||
|
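Review bot: The explanation following the two ldappasswd examples at the end of the hunk does not match the passwords shown: "marisakirisame" is 14 characters, so `pwdMinLength: 8` cannot be the reason for "Password fails quality checking policy", and "kirisame" is exactly 8 characters, which meets the minimum rather than being "within" it. Please re-run both commands and either use a candidate shorter than 8 characters for the rejected case or state the actual cause of the rejection. Separately, the added commands pass secrets as arguments (`-w admin`, `-w qwerty`, `slappasswd -s qwerty`, `-s kirisame`), which leaves them in shell history and the process list; an install guide that readers copy is better written with `-W` for the bind password, `-S` on ldappasswd, and slappasswd run without `-s` so that it prompts. Minor: the section heading has a typo ("passwod"), and "we need something to control" would be clearer if it said that the next step creates an OU and a test user for the policy to apply to.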