
Re: Password policy



On Mon, Nov 19, 2012 at 10:46 AM, jeevan kc <jeev_biz@hotmail.com> wrote:
> Thanks. But we have like more than 25k users on the server. Doing that individually would be tedious. Is there any other way?
>
How about a script of some sort? Something along the lines of:

ask ldap for the userlist (using ldapsearch)
for each user
   Add objectClass: pwdPolicy (using ldapmodify)
done

> Sent from my iPhone
>
> On Nov 19, 2012, at 10:42 AM, "Mauricio Tavares" <raubvogel@gmail.com> wrote:
>
>> On Mon, Nov 19, 2012 at 10:14 AM, jeevan kc <jeev_biz@hotmail.com> wrote:
>>> Hello
>>>
>>> I want to enable password policy on OpenLDAP 2.4.30 to all users. I see that
>>> the ppolicy.ldif and ppolicy.schema are listed under
>>> /usr/local/etc/openldap/schema but are not present on
>>> /usr/local/etc/openldap/slapd.d/cn=config folder. So do I need to add the
>>> policy.ldif to the cn=config folder? Is there like a specific procedure to do
>>> that or can I add manually with ldapadd? Also how do I enable that schema
>>> to all users? Please help.
>>>
>>>
>>> Jeevan
>>
>> If you have the policy as a diff, you could add it by saying
>>
>> ldapadd -Y EXTERNAL -H ldapi:/// -f /path/to/ppolicy.ldif
>>
>> Then you need to ldapmodify each user, adding something like
>>
>> objectClass: pwdPolicy
>>
>> to each of them.
>>
>> This is off the top of my head, so do verify before doing exciting
>> thingies to your server. ;)
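
The loop sketched in the reply above, as an added example that is not part of the original thread: instead of one ldapmodify call per user, it turns ldapsearch output into a single LDIF change stream that can be reviewed before anything is applied. The function names, the `dc=example,dc=com` entries and the sample data are constructed for illustration; the object class is a parameter, and the server's schema checking decides whether each change is accepted.

```shell
#!/bin/sh
# Added example (not from the thread): build ldapmodify change records from
# ldapsearch output, so the per-user loop becomes one reviewable LDIF stream.

# gen_modify_ldif OBJECTCLASS   (hypothetical helper name)
# stdin: LDIF from ldapsearch; stdout: one "changetype: modify" record per dn.
gen_modify_ldif() {
    awk -v oc="$1" '
        function emit() {
            if (!have) return
            print cur                    # "dn: ..." or base64 "dn:: ...", verbatim
            print "changetype: modify"
            print "add: objectClass"
            print "objectClass: " oc
            print "-"
            print ""                     # blank line ends the record
            have = 0; cur = ""
        }
        # LDIF folds long lines; a continuation line starts with one space.
        /^ / { if (have) cur = cur substr($0, 2); next }
        { emit() }                       # any other line ends a pending dn
        /^dn::? / { cur = $0; have = 1 }
        END { emit() }
    '
}

# Constructed sample of ldapsearch output: plain, folded and base64 DNs.
sample_search_output() {
    cat <<'EOF'
dn: uid=alice,ou=People,dc=example,dc=com
uid: alice

dn: uid=bob-with-a-very-long-identifier,ou=Contractors,ou=People,dc=example,d
 c=com
uid: bob-with-a-very-long-identifier

dn:: dWlkPWrDtnJnLG91PVBlb3BsZSxkYz1leGFtcGxlLGRjPWNvbQ==
uid:: asO2cmc=
EOF
}

# Stand-alone run: print the change records for the constructed sample.
sample_search_output | gen_modify_ldif pwdPolicy
```

Against a real directory, pipe ldapsearch output into `gen_modify_ldif`, read the result, and run it through `ldapmodify -n` (show what would be done without modifying entries) and then against a single test entry before applying it to all users.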