[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Password policy
On Mon, Nov 19, 2012 at 10:46 AM, jeevan kc <jeev_biz@hotmail.com> wrote:
> Thanks . But we have like more than 25k users on the server. Doing that individually would be tedious. Is there any other way ?
>
How about a script of some sorts? Something on the lines of:
ask ldap for the userlist (using ldapsearch)
for each user
Add objectClass: pwdPolicy (using ldapmodify)
done
> Sent from my iPhone
>
> On Nov 19, 2012, at 10:42 AM, "Mauricio Tavares" <raubvogel@gmail.com> wrote:
>
>> On Mon, Nov 19, 2012 at 10:14 AM, jeevan kc <jeev_biz@hotmail.com> wrote:
>>> Hello
>>>
>>> I want to enable password policy on Openldap 2.4.30(to all users. I see that
>>> the ppolicy.ldif and ppolicy.schema are listed under
>>> /usr/local/etc/openldap/schema but are not present on
>>> /usr/local/etc/openldap/slapd.d/cn=config folder. So do I need to add the
>>> policy.ldif to the cn=config folder ? Is there like specific procedure to do
>>> that or can I add manually with ldapadd ? Also how do I enable that schema
>>> to all users ? Please help.
>>>
>>>
>>> Jeevan
>>
>> If you have the policy as a diff, you could add it by saying
>>
>> ldapadd -Y EXTERNAL -H ldapi:/// -f /path/to/ppolicy.ldif
>>
>> Then you need to ldapmodify each user, adding something like
>>
>> objectClass: pwdPolicy
>>
>> to each of them.
>>
>> This is off the top of my head, so do verify before doing exciting
>> thingies to your server. ;)