Ben's notes

Link to this comparison view

--- centos7_openldap_ppolicy [2015/09/15 09:38] – [Configure pProvider (master) and consumer (slave)] admin
+++ centos7_openldap_ppolicy [2021/10/09 15:14] (current) – external edit 127.0.0.1
@@ Line 1: / Line 1: @@
 {{tag>[centos7 linux ldap openldap security ppolicy]}}
-~~TOC~~
 =====CentOS 7 - OpenLDAP 2.4 password policy (ppolicy)=====
@@ Line 16: / Line 15: @@
 objectClass: olcPPolicyConfig
 olcPPolicyDefault: cn=ppolicy,ou=policies,dc=domain,dc=tld
+EOF</code>
+====Configure Provider (master)====
+  * Create the policies OU:<code># ldapadd -H ldaps://<FQDN> -x -D "cn=Manager,dc=domain,dc=tld" -W <<EOF
+dn: ou=policies,dc=domain,dc=tld
+objectClass: top
+objectClass: organizationalUnit
+ou: policies
+EOF</code>
+  * Create the ppolicy object:<code># ldapadd -H ldaps://<FQDN> -x -D "cn=Manager,dc=domain,dc=tld" -W <<EOF
+dn: cn=ppolicy,ou=policies,dc=domain,dc=tld
+cn: ppolicy
+objectClass: top
+objectClass: device
+objectClass: pwdPolicy
+objectClass: pwdPolicyChecker
+pwdAttribute: userPassword
+pwdInHistory: 8
+pwdMinLength: 8
+pwdMaxFailure: 3
+pwdFailureCountInterval: 1800
+pwdCheckQuality: 2
+pwdMustChange: TRUE
+pwdGraceAuthNLimit: 0
+pwdMaxAge: 7776000
+pwdExpireWarning: 1209600
+pwdLockoutDuration: 900
+pwdLockout: TRUE
 EOF</code>