CentOS 7 - OpenLDAP 2.4 password policy (ppolicy)
Configure Provider (master) and consumer (slave)
- Load the ppolicy schema:
  # ldapadd -H ldaps://<FQDN> -x -D "cn=Manager,dc=domain,dc=tld" -W -f /etc/openldap/schema/ppolicy.ldif
- Load the module:
  # ldapadd -H ldaps://<FQDN> -x -D "cn=Manager,dc=domain,dc=tld" -W <<EOF
  dn: cn=module,cn=config
  objectClass: olcModuleList
  cn: module
  olcModulePath: /usr/lib64/openldap
  olcModuleLoad: ppolicy.la
  EOF
- Add the overlay (olcDatabase={2}hdb must match the olcDatabase entry that holds your suffix; check with an ldapsearch against cn=config if unsure):
  # ldapadd -H ldaps://<FQDN> -x -D "cn=Manager,dc=domain,dc=tld" -W <<EOF
  dn: olcOverlay=ppolicy,olcDatabase={2}hdb,cn=config
  objectClass: olcPPolicyConfig
  olcPPolicyDefault: cn=ppolicy,ou=policies,dc=domain,dc=tld
  EOF
Configure Provider (master)
- Create the policies OU:
  # ldapadd -H ldaps://<FQDN> -x -D "cn=Manager,dc=domain,dc=tld" -W <<EOF
  dn: ou=policies,dc=domain,dc=tld
  objectClass: top
  objectClass: organizationalUnit
  ou: policies
  EOF
- Create the ppolicy object (time values are in seconds: pwdFailureCountInterval 1800 = 30 minutes, pwdLockoutDuration 900 = 15 minutes, pwdExpireWarning 1209600 = 14 days, pwdMaxAge 7776000 = 90 days; pwdCheckQuality 2 rejects passwords the quality check cannot evaluate, and pwdGraceAuthNLimit 0 allows no logins with an expired password):
  # ldapadd -H ldaps://<FQDN> -x -D "cn=Manager,dc=domain,dc=tld" -W <<EOF
  dn: cn=ppolicy,ou=policies,dc=domain,dc=tld
  cn: ppolicy
  objectClass: top
  objectClass: device
  objectClass: pwdPolicy
  objectClass: pwdPolicyChecker
  pwdAttribute: userPassword
  pwdInHistory: 8
  pwdMinLength: 8
  pwdMaxFailure: 3
  pwdFailureCountInterval: 1800
  pwdCheckQuality: 2
  pwdMustChange: TRUE
  pwdGraceAuthNLimit: 0
  pwdMaxAge: 7776000
  pwdExpireWarning: 1209600
  pwdLockoutDuration: 900
  pwdLockout: TRUE
  EOF
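Once the policy is in place, the overlay records its state in operational attributes on each user entry (pwdFailureTime, pwdAccountLockedTime, pwdChangedTime), which is what an administrator reads to confirm that lockouts and expiry behave as configured. The script below is an added example, not part of the original page: it interprets a constructed ldapsearch result for a hypothetical user uid=jdoe against the pwdLockoutDuration and pwdMaxAge values set above, and assumes GNU date for the timestamp conversion.

```shell
#!/bin/sh
# Constructed sample of what ldapsearch returns for a user after three failed binds
# (operational attributes must be requested by name, e.g.
#   ldapsearch -LLL -H ldaps://<FQDN> -x -D "cn=Manager,dc=domain,dc=tld" -W \
#     -b "uid=jdoe,ou=people,dc=domain,dc=tld" pwdChangedTime pwdFailureTime pwdAccountLockedTime)
SAMPLE_LDIF='dn: uid=jdoe,ou=people,dc=domain,dc=tld
pwdChangedTime: 20210701120000Z
pwdFailureTime: 20211009150301Z
pwdFailureTime: 20211009150310Z
pwdFailureTime: 20211009150322Z
pwdAccountLockedTime: 20211009150322Z'

# Values taken from the cn=ppolicy entry configured above.
PWD_LOCKOUT_DURATION=900      # an automatic lockout lasts 15 minutes
PWD_MAX_AGE=7776000           # passwords expire after 90 days

# Print every value of one attribute from LDIF on stdin.
ldif_values() { awk -v a="$1" -F': ' '$1 == a { print $2 }'; }

# LDAP GeneralizedTime (YYYYMMDDHHMMSSZ) -> epoch seconds (GNU date).
gt_to_epoch() {
  d=$(printf '%s' "$1" | sed 's/\(....\)\(..\)\(..\)\(..\)\(..\)\(..\)Z/\1-\2-\3 \4:\5:\6/')
  date -u -d "$d" +%s
}

# Failed binds currently on record (ppolicy purges them after pwdFailureCountInterval).
failure_count() { printf '%s\n' "$1" | ldif_values pwdFailureTime | wc -l | tr -d ' '; }

# Lockout state at a given epoch time: unlocked, locked, or locked-by-admin.
# pwdAccountLockedTime of 000001010000Z is the administrative permanent lock;
# any other value expires pwdLockoutDuration seconds after it was set.
lockout_state() {
  lt=$(printf '%s\n' "$1" | ldif_values pwdAccountLockedTime)
  [ -z "$lt" ] && { echo unlocked; return; }
  [ "$lt" = 000001010000Z ] && { echo locked-by-admin; return; }
  until=$(( $(gt_to_epoch "$lt") + PWD_LOCKOUT_DURATION ))
  [ "$2" -lt "$until" ] && echo locked || echo unlocked
}

# Password age at a given epoch time: valid or expired (pwdMaxAge after pwdChangedTime).
password_state() {
  ct=$(printf '%s\n' "$1" | ldif_values pwdChangedTime)
  [ -z "$ct" ] && { echo valid; return; }   # no pwdChangedTime recorded: nothing to age
  [ "$2" -lt $(( $(gt_to_epoch "$ct") + PWD_MAX_AGE )) ] && echo valid || echo expired
}

now=$(gt_to_epoch 20211009151000Z)   # evaluate the sample as of 2021-10-09 15:10:00 UTC
echo "failures=$(failure_count "$SAMPLE_LDIF") lockout=$(lockout_state "$SAMPLE_LDIF" "$now") password=$(password_state "$SAMPLE_LDIF" "$now")"
```

For the sample the report is failures=3, lockout=locked (the lock set at 15:03:22 runs until 15:18:22) and password=expired (changed 2021-07-01, older than 90 days).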
centos7_openldap_ppolicy.txt · Last modified: 2021/10/09 15:14 by 127.0.0.1