diff --git a/README.md b/README.md index e4ec954..c28f58b 100644 --- a/README.md +++ b/README.md @@ -431,8 +431,42 @@ replace: olcAccess olcAccess: {0}to attrs=userPassword,pwdPolicySubentry by self write by anonymous auth by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" write by * none olcAccess: {1}to * by dn.exact="cn=admin,dc=example,dc=com" manage by * read ``` -This probably looks confusing and even scary now, but it's pretty simple, it basically adds the pwdPolicySubentry attribute to the attributes SASL EXTERNAL can write. We will come back to it later anyways. +This probably looks confusing and even scary now, but it's pretty simple, it basically adds the pwdPolicySubentry attribute to the attributes SASL EXTERNAL can write. We will come back to it later anyways.\ +``` +root@example:/# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f update_acl.ldif +``` + +Let's create a new basic LDAP directory with the Organizational Unit (ou) Supergirls and let's add the LDAP users (uid) Reimu and Marisa to the ou +``` +root@example:/# vim create_directory.ldif +dn: ou=Supergirls,dc=example,dc=com +changetype: add +objectClass: organizationalUnit +ou: Supergirls + +dn: uid=reimu,ou=Supergirls,dc=example,dc=com +changetype: add +objectClass: person +objectClass: organizationalPerson +objectClass: inetOrgPerson +uid: reimu +cn: Reimu Hakurei +sn: Hakurei +userPassword: {SSHA}mRl... # Generate with: slappasswd -s ying + +dn: uid=marisa,ou=Supergirls,dc=example,dc=com +changetype: add +objectClass: person +objectClass: organizationalPerson +objectClass: inetOrgPerson +uid: marisa +cn: Marisa Kirisame +sn: Kirisame +userPassword: {SSHA}cgT... # Generate with: slappasswd -s yang +``` +That's a lot of data, but it creates our Supergirls directory, and with it the users reimu and marisa. +When copying and pasting, note there are 2 users that requires a password hash; by now you should know how to generate them, use the same password we are using here as well. ### _Blocking user after wrong password tries_