From cf7c0e5f275338381b0c45630d590a2369b28ef4 Mon Sep 17 00:00:00 2001 From: Marisa Date: Tue, 30 Sep 2025 14:59:25 -0400 Subject: [PATCH] Update README.md --- README.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/README.md b/README.md index 0a79357..e4ec954 100644 --- a/README.md +++ b/README.md @@ -421,4 +421,19 @@ If the same output was returned, we are done with creating and loading the polic ## _Creating Passwords policies and schemas_ +First of all, update our openLDAP ACL (Acess Control List) so we can have SASL EXTERNAL perms for the Linux openLDAP user, "openldap", so it can enforce all the following rules we are going to create. +Create the file update_acl.ldif with the following content: +``` +root@example:/# vim update_acl.ldif +dn: olcDatabase={1}mdb,cn=config +changetype: modify +replace: olcAccess +olcAccess: {0}to attrs=userPassword,pwdPolicySubentry by self write by anonymous auth by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" write by * none +olcAccess: {1}to * by dn.exact="cn=admin,dc=example,dc=com" manage by * read +``` +This probably looks confusing and even scary now, but it's pretty simple, it basically adds the pwdPolicySubentry attribute to the attributes SASL EXTERNAL can write. We will come back to it later anyways. + + +### _Blocking user after wrong password tries_ + \ No newline at end of file
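Review bot: the new `{0}` olcAccess rule grants `by self write` on pwdPolicySubentry as well as userPassword, which lets any user reassign or clear their own password-policy pointer and so opt out of the lockout and quality rules the following sections set up; split the two attributes so that only userPassword keeps `self write`, e.g. `olcAccess: {0}to attrs=userPassword by self write by anonymous auth by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" write by * none` followed by a separate rule for pwdPolicySubentry with `by self read`. Two smaller points in the same hunk: the prose says the peercred DN is the "openldap" Linux user, but `gidNumber=0+uidNumber=0` is root connecting over ldapi, so the text should say root (or the DN should be changed to the service account's uid/gid); and since the LDIF uses `replace: olcAccess`, every existing rule on `olcDatabase={1}mdb` is discarded, so the README should tell readers to dump the current olcAccess values first and carry any they still need into the new list. Also "Acess" should read "Access".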