okasion/ldapdock
2
1
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

Update INSTALL.md

Browse Source
This commit is contained in:
Marisa 2025-10-12 13:53:21 -04:00
parent 643c5e41ce
commit ab177b04cd
1 changed files with 12 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
INSTALL.md
View File

@ -29,7 +29,7 @@ root@example:/# slappasswd -s Op3nLd4p!
Create the .ldif file that will create the admin user, edit the _userPassword_ attribute with our password hash\
(you can copy & paste the entire command until userPassword, copy your password hash with the mouse, and paste it directly)
```
root@example:/# cat > create_admin.ldif << EOL
root@example:/# cat > create_admin.ldif << EOF
dn: cn=admin,dc=example,dc=com
changetype: add
objectClass: organizationalRole
@ -37,7 +37,7 @@ objectClass: simpleSecurityObject
cn: admin
description: LDAP administrator
userPassword: {SSHA}vP1xt9t8+/GmOXmqlH1yNh305+MpUDe+ # Replace with the hash of your password
EOL
EOF
```
```
root@example:/# ldapadd -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w Op3nLd4p! -f create_admin.ldif
@ -49,12 +49,12 @@ That's all, our administrator user was properly done.
We need to make use of new schemas and **policies**, which in large part exists in /usr/lib/ppolicy.so -since the module exists, we are going to create modify_ppolicy_module.ldif to be able to make use of it:
```
root@example:/# cat > modify_ppolicy_module.ldif << EOL
root@example:/# cat > modify_ppolicy_module.ldif << EOF
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: ppolicy.so
EOL
EOF
```
```
root@example:/# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f modify_ppolicy_module.ldif
@ -67,14 +67,14 @@ root@example:/# slapd -h "ldap:/// ldapi:///" -g openldap -u openldap -F /etc/ld
```
Now that we restarted our openLDAP server, we can load the new module, so we create the following .ldif file:
```
root@example:/# cat > enable_ppolicy.ldif << EOL
root@example:/# cat > enable_ppolicy.ldif << EOF
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: ppolicy
olcPPolicyDefault: cn=default,ou=policies,dc=example,dc=com
EOL
EOF
```
```
root@example:/# ldapadd -Q -Y EXTERNAL -H ldapi:/// -f enable_ppolicy.ldif
@ -84,9 +84,9 @@ The policies module has been loaded and we can begin to configure password schem
## _4- Configure default password policies_
Create a basic overlay of your password policies, run this command, copy-paste the content then press enter to run it automatically. Once the entry has been added, go back to the shell with CTRL+C.
Create a basic overlay of your password policies:
```
root@example:/# ldapadd -x -D "cn=admin,dc=example,dc=com" -w admin -H ldapi:///
root@example:/# cat > passwd_ppolicy_overlay.ldif << EOF
dn: cn=default,ou=policies,dc=example,dc=com
objectClass: pwdPolicy
objectClass: organizationalRole
@ -94,10 +94,11 @@ cn: default
pwdAttribute: userPassword
pwdMinLength: 8
pwdCheckQuality: 2
EOF
```
```
root@example:/# ldapadd -x -D "cn=admin,dc=example,dc=com" -w Op3nLd4p! -H ldapi:/// -f passwd_ppolicy_overlay.ldif
adding new entry "cn=default,ou=policies,dc=example,dc=com"
^C
```
You can change password policies like pwdMinLength, pwdMaxFailure, pwdMaxAge, etc. and all organizationalUnits (and therefore, their users) will be affected by default unless configured otherwise.
\