Or how about creating an OU=policies under the root DIT and including these

Objectclass: person
Objectclass: pwdpolicy
Objectclass: top
cn:default
pwdAttribute:2.5.4.35
sn:summy
pwdlockout:True
pwdMaxfailure:3

That was just a sample. All I wanted to show was creating an OU and mentioning cn=default. Does that take care of all users?

Thanks
Jeevan

> Date: Mon, 19 Nov 2012 11:01:24 -0500
> Subject: Re: Password policy
> From: raubvogel@gmail.com
> To: jeev_biz@hotmail.com
> CC: openldap-technical@openldap.org
>
> On Mon, Nov 19, 2012 at 10:46 AM, jeevan kc <jeev_biz@hotmail.com> wrote:
> > Thanks . But we have like more than 25k users on the server. Doing that individually would be tedious. Is there any other way ?
> >
>
> How about a script of some sorts? Something on the lines of:
>
> ask ldap for the userlist (using ldapsearch)
> for each user
> Add objectClass: pwdPolicy (using ldapmodify)
> done
>
> > Sent from my iPhone
> >
> > On Nov 19, 2012, at 10:42 AM, "Mauricio Tavares" <raubvogel@gmail.com> wrote:
> >
> >> On Mon, Nov 19, 2012 at 10:14 AM, jeevan kc <jeev_biz@hotmail.com> wrote:
> >>> Hello
> >>>
> >>> I want to enable password policy on Openldap 2.4.30(to all users. I see that
> >>> the ppolicy.ldif and ppolicy.schema are listed under
> >>> /usr/local/etc/openldap/schema but are not present on
> >>> /usr/local/etc/openldap/slapd.d/cn=config folder. So do I need to add the
> >>> policy.ldif to the cn=config folder ? Is there like specific procedure to do
> >>> that or can I add manually with ldapadd ? Also how do I enable that schema
> >>> to all users ? Please help.
> >>>
> >>>
> >>> Jeevan
> >>
> >> If you have the policy as a diff, you could add it by saying
> >>
> >> ldapadd -Y EXTERNAL -H ldapi:/// -f /path/to/ppolicy.ldif
> >>
> >> Then you need to ldapmodify each user, adding something like
> >>
> >> objectClass: pwdPolicy
> >>
> >> to each of them.
> >>
> >> This is off the top of my head, so do verify before doing exciting
> >> thingies to your server. ;)
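
Added example, not part of the thread: a cn=config sketch in which the ppolicy overlay's `olcPPolicyDefault` points at a `cn=default` entry under `ou=policies`, so the policy covers every entry in the database without modifying each user. The suffix `dc=example,dc=com`, the database DN `olcDatabase={1}mdb,cn=config` and the module name `ppolicy.la` are assumptions; the policy attributes follow the sample in the message above.

```ldif
# Added example, not from the thread. Assumed names: suffix dc=example,dc=com,
# database entry olcDatabase={1}mdb,cn=config (use your backend's own DN),
# overlay module shipped as ppolicy.la.
# Prerequisite: the ppolicy schema is already loaded into cn=config.

# --- File 1: add to cn=config (ldapadd -Y EXTERNAL -H ldapi:///) ---

# Load the overlay module (skip if ppolicy is compiled into slapd).
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModuleLoad: ppolicy.la

# Attach the overlay to the user database and name the default policy.
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: ppolicy
olcPPolicyDefault: cn=default,ou=policies,dc=example,dc=com
# FALSE keeps the lock state out of the bind response, so a client
# probing accounts cannot tell a locked account from a wrong password.
olcPPolicyUseLockout: FALSE

# --- File 2: add to the data DIT, bound as the directory administrator ---

dn: ou=policies,dc=example,dc=com
objectClass: organizationalUnit
ou: policies

# pwdPolicy is an auxiliary class, so a structural class (person) carries it.
dn: cn=default,ou=policies,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: pwdPolicy
cn: default
# sn is required by person; the value is a placeholder.
sn: default
# 2.5.4.35 is the OID of userPassword.
pwdAttribute: 2.5.4.35
pwdLockout: TRUE
pwdMaxFailure: 3
```

Entries that need a different policy can point at it with the operational attribute `pwdPolicySubentry`; entries without it fall back to the default named in `olcPPolicyDefault`.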