okasion/ldapdock
2
1
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

Update INSTALL.md

Browse Source
This commit is contained in:
Marisa 2025-10-12 13:37:33 -04:00
parent d222085be8
commit e065f5ffc2
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
INSTALL.md
View File

@ -99,13 +99,13 @@ adding new entry "cn=default,ou=policies,dc=example,dc=com"
^C ^C
``` ```
You can change password policies like pwdMinLength, pwdMaxFailure, pwdMaxAge, etc. You can change password policies like pwdMinLength, pwdMaxFailure, pwdMaxAge, etc. and all organizationalUnits (and therefore, their users) will be affected by default unless configured otherwise.
\ \
\ \
In order to enforce our password configuration we need something to control. In order to enforce our password configuration we need something to control.
Copy the command, and copy-paste the content, press enter to exec, you can escape with CTRL+C. Copy the command, and copy-paste the content, press enter to exec, you can escape with CTRL+C.
``` ```
# ldapadd -x -D "cn=admin,dc=example,dc=com" -w admin -H ldapi:/// root@example:/# ldapadd -x -D "cn=admin,dc=example,dc=com" -w admin -H ldapi:///
dn: ou=Supergirls,dc=example,dc=com dn: ou=Supergirls,dc=example,dc=com
objectClass: organizationalUnit objectClass: organizationalUnit
ou: Supergirls ou: Supergirls
@ -115,12 +115,12 @@ adding new entry "ou=Supergirls,dc=example,dc=com"
``` ```
Create a password hash for the user marisa Create a password hash for the user marisa
``` ```
root@example:/etc/ldap/slapd.d# slappasswd -s qwerty root@example:/# slappasswd -s qwerty
{SSHA}fgEXXr2J08jTVfgyOnkRL2I1JNL4Bp5V {SSHA}fgEXXr2J08jTVfgyOnkRL2I1JNL4Bp5V
``` ```
Copy-paste all this attributes after the command, remember to write down the hashed password correctly. Copy-paste all this attributes after the command, remember to write down the hashed password correctly.
``` ```
root@example:/etc/ldap/slapd.d# ldapadd -x -D "cn=admin,dc=example,dc=com" -w admin -H ldapi:/// root@example:/# ldapadd -x -D "cn=admin,dc=example,dc=com" -w admin -H ldapi:///
dn: uid=marisa,ou=Supergirls,dc=example,dc=com dn: uid=marisa,ou=Supergirls,dc=example,dc=com
objectClass: inetOrgPerson objectClass: inetOrgPerson
objectClass: posixAccount objectClass: posixAccount
@ -141,12 +141,12 @@ adding new entry "uid=marisa,ou=Supergirls,dc=example,dc=com"
``` ```
marisa and all users added to Supergirls will respect the password default policies, you can check it out, example: marisa and all users added to Supergirls will respect the password default policies, you can check it out, example:
``` ```
root@example:/etc/ldap/slapd.d# ldappasswd -x -w qwerty -H ldapi:/// -D "uid=marisa,ou=Supergirls,dc=example,dc=com" -s marisakirisame root@example:/# ldappasswd -x -w qwerty -H ldapi:/// -D "uid=marisa,ou=Supergirls,dc=example,dc=com" -s marisakirisame
Result: Constraint violation (19) Result: Constraint violation (19)
Additional info: Password fails quality checking policy Additional info: Password fails quality checking policy
``` ```
Password rejected because we established before pwdMinLength was 8. Password rejected because we established before pwdMinLength was 8.
``` ```
root@example:/etc/ldap/slapd.d# ldappasswd -x -w qwerty -H ldapi:/// -D "uid=marisa,ou=Supergirls,dc=example,dc=com" -s kirisame root@example:/# ldappasswd -x -w qwerty -H ldapi:/// -D "uid=marisa,ou=Supergirls,dc=example,dc=com" -s kirisame
``` ```
"kirisame" is accepted because it's within 8 length characters. "kirisame" is accepted because it's within 8 length characters.