From bb697a8fd588fc7637669a90b1576c54dd011796 Mon Sep 17 00:00:00 2001 From: Marisa Date: Wed, 8 Oct 2025 12:43:51 -0400 Subject: [PATCH] Update INSTALL.md --- INSTALL.md | 41 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 40 insertions(+), 1 deletion(-) diff --git a/INSTALL.md b/INSTALL.md index 52ea820..191528f 100644 --- a/INSTALL.md +++ b/INSTALL.md 
@@ -41,7 +41,46 @@ userPassword: {SSHA}yxIgYTzcuRRdlesjfWkIN6K97/8jOrZF # Replace with the hash of ``` Execute create_admin.ldif using the root password (which is the container default for openLDAP root: _admin_) ``` -root@example:/etc/ldap# ldapadd -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w admin -f create_admin.ldif +root@example:/# ldapadd -x -H ldap:/// -D "cn=admin,dc=example,dc=com" -w admin -f create_admin.ldif adding new entry "cn=admin,dc=example,dc=com" ``` That's all, our administrator user was properly done. + +## _3- Load and enable policy modules_ + +We need to make use of new schemas and **policies**, which in large part exists in /usr/lib/ppolicy.so -since the module exists, we are going to create modify_ppolicy_module.ldif to be able to make use of it: +``` +root@example:/# cat > modify_ppolicy_module.ldif << EOL +dn: cn=module{0},cn=config +changetype: modify +add: olcModuleLoad +olcModuleLoad: ppolicy.so +EOL +``` +Run modify_ppolicy_module.ldif +``` +root@example:/# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f modify_ppolicy_module.ldif +modifying entry "cn=module{0},cn=config" +``` +Reset slapd (openLDAP server) +``` +root@example:/# kill $(pidof slapd) +root@example:/# slapd -h "ldap:/// ldapi:///" -g openldap -u openldap -F /etc/ldap/slapd.d +``` +Now that we restarted our openLDAP server, we can load the new module, so we create the following .ldif file: +``` +root@example:/# cat > enable_ppolicy.ldif << EOL +dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config +changetype: add +objectClass: olcOverlayConfig +objectClass: olcPPolicyConfig +olcOverlay: ppolicy +olcPPolicyDefault: cn=default,ou=policies,dc=example,dc=com +EOL +``` +Do load the module +``` +root@example:/# ldapadd -Q -Y EXTERNAL -H ldapi:/// -f enable_ppolicy.ldif +adding new entry "olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config" +``` +The policies module has been loaded and we can begin to configure password schemas and ACLs.
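Review bot: In the added enable_ppolicy.ldif, `olcPPolicyDefault: cn=default,ou=policies,dc=example,dc=com` names an entry that nothing in this patch creates, and the section ends by declaring the policies module loaded. Until `ou=policies` and a `cn=default` policy entry exist under it, the overlay is enabled but has no default policy to enforce. Either add the step that creates that entry, or state at the end of section 3 that no password policy applies until the next section has been completed. Two smaller points on the same hunk. The "Reset slapd" step runs `kill $(pidof slapd)` and starts a new `slapd` on the very next line; have the reader confirm that the old process has exited before the restart, so the new instance does not fail on the still-held ldapi socket or database. The step labels are also swapped in meaning: modify_ppolicy_module.ldif is what loads the module through `olcModuleLoad`, while enable_ppolicy.ldif adds the overlay to `olcDatabase={1}mdb`, so "we can load the new module" and "Do load the module" should read as enabling the overlay. Since the text gives the module location as /usr/lib/ppolicy.so while `olcModuleLoad: ppolicy.so` is a bare filename, it would help to mention that the name is resolved through the module path configured on `cn=module{0}`.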