Update README.md
parent
e22f0075d7
commit
a956d46a86
39
README.md
@ -431,7 +431,7 @@ replace: olcAccess
|
||||
olcAccess: {0}to attrs=userPassword,pwdPolicySubentry by self write by anonymous auth by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" write by * none
|
||||
olcAccess: {1}to * by dn.exact="cn=admin,dc=example,dc=com" manage by * read
|
||||
```
|
||||
This probably looks confusing and even scary now, but it's pretty simple, it basically adds the pwdPolicySubentry attribute to the attributes SASL EXTERNAL can write. We will come back to it later anyways.\
|
||||
This probably looks confusing and even scary now, but it's pretty simple, it basically adds the pwdPolicySubentry attribute to the attributes SASL EXTERNAL can write. We will come back to it later anyways.
|
||||
|
||||
```
|
||||
root@example:/# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f update_acl.ldif
|
||||
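Review bot: The sentence under the ACL says the rule only adds pwdPolicySubentry to the attributes SASL EXTERNAL can write, but the {0} rule shown above it covers `attrs=userPassword,pwdPolicySubentry` with `by self write`, so each user can also rewrite their own pwdPolicySubentry and point themselves at a different policy. Either state that in the sentence, or split the rule so that pwdPolicySubentry is writable only by the peercred root identity while userPassword keeps `by self write`.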
@ -466,8 +466,41 @@ sn: Kirisame
|
||||
userPassword: {SSHA}cgT... # Generate with: slappasswd -s yang
|
||||
```
|
||||
That's a lot of data, but it creates our Supergirls directory, and with it the users reimu and marisa.
|
||||
When copying and pasting, note there are 2 users that requires a password hash; by now you should know how to generate them, use the same password we are using here as well.
|
||||
|
||||
### <ins>_Blocking user after wrong password tries_</ins>
|
||||
### <ins>_Blocking user access with user's password after 3 tries_</ins>
|
||||
|
||||
Let's apply the following policy on the user reimu from the Organizational Unit Supergirls: after failing to interact in any way with the LDAP server using the user's wrong password, the LDAP server with block the user and it will disabled of any action until an administrator unlocks it.
|
||||
```
|
||||
root@example:/# vim apply_policy_reimu.ldif
|
||||
dn: uid=reimu,ou=Supergirls,dc=example,dc=com
|
||||
changetype: modify
|
||||
replace: pwdPolicySubentry
|
||||
pwdPolicySubentry: cn=default,ou=policies,dc=example,dc=com
|
||||
```
|
||||
And execute the apply_policy_reimu.ldif file
|
||||
```
|
||||
root@example:/# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f apply_policy_reimu.ldif
|
||||
modifying entry "uid=reimu,ou=Supergirls,dc=example,dc=com"
|
||||
```
|
||||
Run **again** the following taking note of the new hashed passwords
|
||||
```
|
||||
root@example:/# slappasswd -s ying
|
||||
{SSHA}QkBaHJh2CFSq9dup+Hiest9jnYMgVrll
|
||||
```
|
||||
Finally, create a new file reset_reimu_password.ldif and replace the userPassword with the correct hashed password
|
||||
```
|
||||
root@example:/# vim reset_reimu_password.ldif
|
||||
dn: uid=reimu,ou=Supergirls,dc=example,dc=com
|
||||
changetype: modify
|
||||
replace: userPassword
|
||||
userPassword: {SSHA}QkBaHJh2CFSq9dup+Hiest9jnYMgVrll
|
||||
```
|
||||
Execute reset_reimu_password.ldif
|
||||
```
|
||||
root@example:/# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f reset_reimu_password.ldif
|
||||
modifying entry "uid=reimu,ou=Supergirls,dc=example,dc=com"
|
||||
```
|
||||
|
||||
|
||||
|
||||
<!--ldappasswd -H ldap://server_domain_or_IP -x -D "cn=admin,dc=example,dc=com" -W -S "uid=bob,ou=people,dc=example,dc=com"-->
|
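Review bot: The new heading promises a block "after 3 tries", but nothing in the added steps sets or shows that limit: the section assigns `pwdPolicySubentry: cn=default,ou=policies,dc=example,dc=com` to reimu and then goes straight to resetting her password. Point to where the cn=default policy defines the failure limit, and add a step that shows the lockout taking effect and the administrator unlock that the intro paragraph mentions. The jump to "Run **again** the following" also needs a sentence saying why the password is changed at this point; `slappasswd -s ying` puts the plaintext on the command line, whereas running slappasswd without -s prompts for it. Smaller points: "with block the user and it will disabled" should read "will block the user and it will be disabled", and the commented-out ldappasswd line at the end of the hunk looks like leftover scratch text.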