[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Password policy



Or how about creating an OU=policies under the root DIT and including these
Objectclass: person
Objectclass: pwdpolicy
Objectclass: top
cn:default
pwdAttribute:2.5.4.35
sn:summy
pwdlockout:True
pwdMaxfailure:3

That was just a sample. All I wanted to show was creating an OU and mentioning cn=default. Does that take care of all users? Thanks


Jeevan


> Date: Mon, 19 Nov 2012 11:01:24 -0500
> Subject: Re: Password policy
> From: raubvogel@gmail.com
> To: jeev_biz@hotmail.com
> CC: openldap-technical@openldap.org
>
> On Mon, Nov 19, 2012 at 10:46 AM, jeevan kc <jeev_biz@hotmail.com> wrote:
> > Thanks . But we have like more than 25k users on the server. Doing that individually would be tedious. Is there any other way ?
> >
> How about a script of some sorts? Something on the lines of:
>
> ask ldap for the userlist (using ldapsearch)
> for each user
> Add objectClass: pwdPolicy (using ldapmodify)
> done
>
> > Sent from my iPhone
> >
> > On Nov 19, 2012, at 10:42 AM, "Mauricio Tavares" <raubvogel@gmail.com> wrote:
> >
> >> On Mon, Nov 19, 2012 at 10:14 AM, jeevan kc <jeev_biz@hotmail.com> wrote:
> >>> Hello
> >>>
> >>> I want to enable password policy on Openldap 2.4.30(to all users. I see that
> >>> the ppolicy.ldif and ppolicy.schema are listed under
> >>> /usr/local/etc/openldap/schema but are not present on
> >>> /usr/local/etc/openldap/slapd.d/cn=config folder. So do I need to add the
> >>> policy.ldif to the cn=config folder ? Is there like specific procedure to do
> >>> that or can I add manually with ldapadd ? Also how do I enable that schema
> >>> to all users ? Please help.
> >>>
> >>>
> >>> Jeevan
> >>
> >> If you have the policy as a diff, you could add it by saying
> >>
> >> ldapadd -Y EXTERNAL -H ldapi:/// -f /path/to/ppolicy.ldif
> >>
> >> Then you need to ldapmodify each user, adding something like
> >>
> >> objectClass: pwdPolicy
> >>
> >> to each of them.
> >>
> >> This is off the top of my head, so do verify before doing exciting
> >> thingies to your server. ;)