Update INSTALL.md

This commit is contained in:
Marisa 2025-10-12 13:53:21 -04:00
parent 643c5e41ce
commit ab177b04cd

@ -29,7 +29,7 @@ root@example:/# slappasswd -s Op3nLd4p!
Create the .ldif file that will create the admin user, edit the _userPassword_ attribute with our password hash\ Create the .ldif file that will create the admin user, edit the _userPassword_ attribute with our password hash\
(you can copy & paste the entire command until userPassword, copy your password hash with the mouse, and paste it directly) (you can copy & paste the entire command until userPassword, copy your password hash with the mouse, and paste it directly)
``` ```
root@example:/# cat > create_admin.ldif << EOL root@example:/# cat > create_admin.ldif << EOF
dn: cn=admin,dc=example,dc=com dn: cn=admin,dc=example,dc=com
changetype: add changetype: add
objectClass: organizationalRole objectClass: organizationalRole
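Review bot: the renamed delimiter in `cat > create_admin.ldif << EOF` is still unquoted, so the shell performs parameter and command substitution on the heredoc body before it is written to the file. An {SSHA} value happens to contain no `$` or backticks, but a reader who pastes a hash in another scheme (for example a crypt-style value with `$` separators) will get a silently altered userPassword. Suggest `<< 'EOF'` here and in the other heredocs this commit touches, so the LDIF is written byte for byte.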
@ -37,7 +37,7 @@ objectClass: simpleSecurityObject
cn: admin cn: admin
description: LDAP administrator description: LDAP administrator
userPassword: {SSHA}vP1xt9t8+/GmOXmqlH1yNh305+MpUDe+ # Replace with the hash of your password userPassword: {SSHA}vP1xt9t8+/GmOXmqlH1yNh305+MpUDe+ # Replace with the hash of your password
EOL EOF
``` ```
``` ```
root@example:/# ldapadd -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w Op3nLd4p! -f create_admin.ldif root@example:/# ldapadd -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w Op3nLd4p! -f create_admin.ldif
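Review bot: the `# Replace with the hash of your password` text on the userPassword line is inside the heredoc, and LDIF only treats `#` as a comment when it is the first character of a line, so everything after the hash is stored as part of the attribute value and the resulting password will not verify. Since this commit already edits the closing delimiter of that block, move the reminder to its own line starting with `#` above `userPassword:`, or into the prose before the code block. Separately, the following `ldapadd ... -w Op3nLd4p!` puts the bind password in the process list and shell history; `-W` (prompt) or `-y <file>` avoids that.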
@ -49,12 +49,12 @@ That's all, our administrator user was properly done.
We need to make use of new schemas and **policies**, which in large part exists in /usr/lib/ppolicy.so -since the module exists, we are going to create modify_ppolicy_module.ldif to be able to make use of it: We need to make use of new schemas and **policies**, which in large part exists in /usr/lib/ppolicy.so -since the module exists, we are going to create modify_ppolicy_module.ldif to be able to make use of it:
``` ```
root@example:/# cat > modify_ppolicy_module.ldif << EOL root@example:/# cat > modify_ppolicy_module.ldif << EOF
dn: cn=module{0},cn=config dn: cn=module{0},cn=config
changetype: modify changetype: modify
add: olcModuleLoad add: olcModuleLoad
olcModuleLoad: ppolicy.so olcModuleLoad: ppolicy.so
EOL EOF
``` ```
``` ```
root@example:/# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f modify_ppolicy_module.ldif root@example:/# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f modify_ppolicy_module.ldif
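Review bot: the prose above the heredoc says the module lives in /usr/lib/ppolicy.so, but the LDIF loads it by bare name (`olcModuleLoad: ppolicy.so`), which slapd resolves against the olcModulePath of `cn=module{0},cn=config`, not against the path quoted in the text. Worth stating which olcModulePath the guide assumes, and that `cn=module{0},cn=config` must already exist, so a reader whose packaging differs knows what to check when the modify fails.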
@ -67,14 +67,14 @@ root@example:/# slapd -h "ldap:/// ldapi:///" -g openldap -u openldap -F /etc/ld
``` ```
Now that we restarted our openLDAP server, we can load the new module, so we create the following .ldif file: Now that we restarted our openLDAP server, we can load the new module, so we create the following .ldif file:
``` ```
root@example:/# cat > enable_ppolicy.ldif << EOL root@example:/# cat > enable_ppolicy.ldif << EOF
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config
changetype: add changetype: add
objectClass: olcOverlayConfig objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig objectClass: olcPPolicyConfig
olcOverlay: ppolicy olcOverlay: ppolicy
olcPPolicyDefault: cn=default,ou=policies,dc=example,dc=com olcPPolicyDefault: cn=default,ou=policies,dc=example,dc=com
EOL EOF
``` ```
``` ```
root@example:/# ldapadd -Q -Y EXTERNAL -H ldapi:/// -f enable_ppolicy.ldif root@example:/# ldapadd -Q -Y EXTERNAL -H ldapi:/// -f enable_ppolicy.ldif
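Review bot: the DN `olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config` hard-codes both the database index and the backend type, and the guide gives no step to confirm them. Suggest adding a one-line note before this heredoc telling the reader to list the olcDatabase entries under cn=config and substitute their own `{N}backend` value. Also note that `olcPPolicyDefault` points at `cn=default,ou=policies,dc=example,dc=com`, which is only created in step 4, so until that step completes the overlay references an entry that does not exist.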
@ -84,9 +84,9 @@ The policies module has been loaded and we can begin to configure password schem
## _4- Configure default password policies_ ## _4- Configure default password policies_
Create a basic overlay of your password policies, run this command, copy-paste the content then press enter to run it automatically. Once the entry has been added, go back to the shell with CTRL+C. Create a basic overlay of your password policies:
``` ```
root@example:/# ldapadd -x -D "cn=admin,dc=example,dc=com" -w admin -H ldapi:/// root@example:/# cat > passwd_ppolicy_overlay.ldif << EOF
dn: cn=default,ou=policies,dc=example,dc=com dn: cn=default,ou=policies,dc=example,dc=com
objectClass: pwdPolicy objectClass: pwdPolicy
objectClass: organizationalRole objectClass: organizationalRole
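Review bot: the new `passwd_ppolicy_overlay.ldif` writes `cn=default` under `ou=policies,dc=example,dc=com`, and nothing in the steps shown here creates that OU. If INSTALL.md does not add it earlier, the ldapadd in the next block fails because the parent entry is missing; either add the OU to this same file ahead of the policy entry or reference the step that creates it. Minor wording point: the file and the sentence call this an "overlay", but the overlay was enabled in the previous step and this entry is the default policy object it points to.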
@ -94,10 +94,11 @@ cn: default
pwdAttribute: userPassword pwdAttribute: userPassword
pwdMinLength: 8 pwdMinLength: 8
pwdCheckQuality: 2 pwdCheckQuality: 2
EOF
```
```
root@example:/# ldapadd -x -D "cn=admin,dc=example,dc=com" -w Op3nLd4p! -H ldapi:/// -f passwd_ppolicy_overlay.ldif
adding new entry "cn=default,ou=policies,dc=example,dc=com" adding new entry "cn=default,ou=policies,dc=example,dc=com"
^C
``` ```
You can change password policies like pwdMinLength, pwdMaxFailure, pwdMaxAge, etc. and all organizationalUnits (and therefore, their users) will be affected by default unless configured otherwise. You can change password policies like pwdMinLength, pwdMaxFailure, pwdMaxAge, etc. and all organizationalUnits (and therefore, their users) will be affected by default unless configured otherwise.
\ \
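Review bot: the added `ldapadd -x -D "cn=admin,dc=example,dc=com" -w Op3nLd4p! ... -f passwd_ppolicy_overlay.ldif` fixes the mismatch with the old `-w admin`, but it still passes the admin bind password as a command-line argument, where it lands in shell history and is visible to other local users in the process list. Prefer `-W` to prompt, or `-y <file>` with a root-only file, and say so in the text. Also worth a sentence next to `pwdCheckQuality: 2`: with that value the server refuses any password whose quality it cannot check, which includes values that clients send already hashed, so readers who set userPassword from slappasswd output as in the admin step will see rejections once this policy applies to them.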