{{tag>[centos7 linux ldap openldap security ppolicy]}}
=====CentOS 7 - OpenLDAP 2.4 password policy (ppolicy)=====
====Configure Provider (master) and consumer (slave)====
* Load the ppolicy schema:# ldapadd -H ldaps:// -x -D "cn=Manager,dc=domain,dc=tld" -W -f /etc/openldap/schema/ppolicy.ldif
* Load the module:# ldapadd -H ldaps:// -x -D "cn=Manager,dc=domain,dc=tld" -W <
* Add the overlay:# ldapadd -H ldaps:// -x -D "cn=Manager,dc=domain,dc=tld" -W <
====Configure Provider (master)====
* Create the policies OU:# ldapadd -H ldaps:// -x -D "cn=Manager,dc=domain,dc=tld" -W <
* Create the ppolicy object:# ldapadd -H ldaps:// -x -D "cn=Manager,dc=domain,dc=tld" -W <