|
From: openldap-technical [mailto:openldap-technical-bounces@openldap.org]
On Behalf Of Real, Elizabeth (392K) I have reinstalled openldap and applied slapo-ppolicy carefully looking at man pages and the configuration. How do I then apply this to existing openldap accounts? Thank you, Liz You need to have a ‘pwdPolicySubentry’ attribute assigned to each user and the value for that attribute would have to be a valid DN of the password policy
itself. For example, below is what I used to add password policy recently – fix as needed, YMMV #!/bin/bash # # assign password policy to LDAP users for USER in `cat users`; do ldapmodify -x -D cn=rootbinddn,dc=example,dc=com -w $SOME_PASSWORD <<! dn: uid=$USER,ou=people,dc=example,dc=com changetype: modify add: pwdPolicySubentry pwdPolicySubentry: cn=personnelpp,ou=Policies,dc=example,dc=com ! Done Craig |