Differences

This shows you the differences between two versions of the page.

--- centos7_openldap_ppolicy [2015/09/15 09:38] – created admin
+++ centos7_openldap_ppolicy [2015/09/15 09:40] – [Configure Provider (master) and consumer (slave)] admin
@@ Line 3: / Line 3: @@
 =====CentOS 7 - OpenLDAP 2.4 password policy (ppolicy)=====
-====Configure pProvider (master) and consumer (slave)====
+====Configure Provider (master) and consumer (slave)====
   * Load the ppolicy schema:<code># ldapadd -H ldaps://<FQDN> -x -D "cn=Manager,dc=domain,dc=tld" -W -f /etc/openldap/schema/ppolicy.ldif</code>
   * Load the module:<code># ldapadd -H ldaps://<FQDN> -x -D "cn=Manager,dc=domain,dc=tld" -W <<EOF
@@ Line 17: / Line 17: @@
 olcPPolicyDefault: cn=ppolicy,ou=policies,dc=domain,dc=tld
 EOF</code>
+====Configure Provider (master)====
+  * Create the policies OU:<code># ldapadd -H ldaps://<FQDN> -x -D "cn=Manager,dc=domain,dc=tld" -W <<EOF
+dn: ou=policies,dc=polaire,dc=nl
+objectClass: top
+objectClass: organizationalUnit
+ou: policies
+EOF</code>
+  * Create the ppolice object:<code># ldapadd -H ldaps://<FQDN> -x -D "cn=Manager,dc=domain,dc=tld" -W <<EOF
+dn: cn=ppolicy,ou=policies,dc=domain,dc=tld
+cn: ppolicy
+objectClass: top
+objectClass: device
+objectClass: pwdPolicy
+objectClass: pwdPolicyChecker
+pwdAttribute: userPassword
+pwdInHistory: 8
+pwdMinLength: 8
+pwdMaxFailure: 3
+pwdFailureCountInterval: 1800
+pwdCheckQuality: 2
+pwdMustChange: TRUE
+pwdGraceAuthNLimit: 0
+pwdMaxAge: 7776000
+pwdExpireWarning: 1209600
+pwdLockoutDuration: 900
+pwdLockout: TRUE
+EOF