OpenLDAP Password Policies


Sample policy that will:

  • force expiration every 90 days
  • require minimum length of 8 characters
  • retain last 5 passwords in history
  • lock user accounts after 3 failures for 15 minutes
  • allow users to change their password

# pwdPolicy is an auxiliary class, so a structural class (device) carries the entry
dn: cn=default,ou=Policies,dc=example,dc=com
cn: default
objectClass: pwdPolicy
objectClass: device
# 90 days, in seconds
pwdMaxAge: 7776000
pwdAttribute: userPassword
pwdMinLength: 8
pwdInHistory: 5
# 1 = check quality, but accept a password the server cannot inspect (e.g. pre-hashed)
pwdCheckQuality: 1
# warn 7 days before expiry
pwdExpireWarning: 604800
pwdLockout: TRUE
pwdMaxFailure: 3
# 15 minutes, in seconds
pwdLockoutDuration: 900
pwdAllowUserChange: TRUE
# no grace binds once the password has expired
pwdGraceAuthNLimit: 0

slapd.conf entries:

# load the ppolicy schema and module (global section)
include /usr/share/openldap/schema/ppolicy.schema
moduleload /usr/lib/openldap/ppolicy.la
# overlay and default policy go in the database section; the default applies to
# entries that carry no pwdPolicySubentry of their own
overlay ppolicy
ppolicy_default "cn=default,ou=Policies,dc=example,dc=com"
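Once the overlay is in place, two things are worth checking: that the policy entry actually encodes the five requirements listed at the top of the page, and what the overlay's operational attributes (pwdChangedTime, pwdFailureTime, pwdAccountLockedTime) say about a given user. The script below is an added example, not code from the page or from OpenLDAP; it works on LDIF text as exported by ldapsearch, so no live directory is needed. POLICY_LDIF is a constructed copy of the cn=default entry above, and the user records are constructed too. It assumes pwdFailureCountInterval is 0 (failure timestamps are only cleared by a successful bind), which is the overlay's default.

```python
"""Audit an OpenLDAP ppolicy entry against the requirements on this page and
derive a user's password state from the overlay's operational attributes.
Added example, not from the page; POLICY_LDIF is a constructed copy of cn=default."""
from datetime import datetime, timedelta, timezone

POLICY_LDIF = """\
dn: cn=default,ou=Policies,dc=example,dc=com
cn: default
objectClass: pwdPolicy
objectClass: device
pwdMaxAge: 7776000
pwdAttribute: userPassword
pwdMinLength: 8
pwdInHistory: 5
pwdCheckQuality: 1
pwdExpireWarning: 604800
pwdLockout: TRUE
pwdMaxFailure: 3
pwdLockoutDuration: 900
pwdAllowUserChange: TRUE
pwdGraceAuthNLimit: 0
"""


def parse_ldif_entry(text):
    """Parse one LDIF entry into {attribute: [values]}; folded lines (leading
    space) are joined and '#' comments skipped. Base64 ('::') values are not
    needed for a policy entry and are not decoded."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith("#") or not raw.strip():
            continue
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    attrs = {}
    for line in logical:
        name, _, value = line.partition(":")
        attrs.setdefault(name.strip(), []).append(value.strip())
    return attrs


def get_int(attrs, name, default=0):
    return int(attrs.get(name, [default])[0])


def get_bool(attrs, name):
    return attrs.get(name, ["FALSE"])[0].upper() == "TRUE"


def audit_policy(p):
    """Return findings where the entry is weaker than the page's requirements."""
    findings = []
    if get_int(p, "pwdMaxAge") == 0 or get_int(p, "pwdMaxAge") > 90 * 86400:
        findings.append("pwdMaxAge is 0 (never expires) or longer than 90 days")
    if get_int(p, "pwdMinLength") < 8:
        findings.append("pwdMinLength below 8")
    if get_int(p, "pwdInHistory") < 5:
        findings.append("pwdInHistory below 5")
    if not get_bool(p, "pwdLockout"):
        findings.append("pwdLockout not TRUE, so pwdMaxFailure has no effect")
    else:
        if get_int(p, "pwdMaxFailure") == 0 or get_int(p, "pwdMaxFailure") > 3:
            findings.append("pwdMaxFailure is 0 (unlimited) or above 3")
        if get_int(p, "pwdLockoutDuration") != 900:
            findings.append("pwdLockoutDuration is not 15 minutes "
                            "(0 would mean locked until an admin unlocks)")
    if not get_bool(p, "pwdAllowUserChange"):
        findings.append("users cannot change their own password")
    return findings


def generalized_time(s):
    """Parse LDAP GeneralizedTime such as 20240301120000Z (fraction ignored)."""
    return datetime.strptime(s[:14], "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def password_state(p, user, now):
    """Derive expired/warning/locked from pwdChangedTime, pwdFailureTime and
    pwdAccountLockedTime (shown by ldapsearch with '+'). Assumes
    pwdFailureCountInterval is 0: failures clear only on a successful bind."""
    st = {"expired": False, "warning": False, "locked": False, "failures_left": None}
    max_age, warn = get_int(p, "pwdMaxAge"), get_int(p, "pwdExpireWarning")
    if max_age and user.get("pwdChangedTime"):
        expires = generalized_time(user["pwdChangedTime"][0]) + timedelta(seconds=max_age)
        st["expired"] = now >= expires
        st["warning"] = not st["expired"] and now >= expires - timedelta(seconds=warn)
    if get_bool(p, "pwdLockout"):
        st["failures_left"] = max(get_int(p, "pwdMaxFailure") - len(user.get("pwdFailureTime", [])), 0)
        if user.get("pwdAccountLockedTime"):
            locked_at = user["pwdAccountLockedTime"][0]
            duration = get_int(p, "pwdLockoutDuration")
            # 000001010000Z is the overlay's marker for an administrative lock
            if locked_at.startswith("000001010000") or duration == 0:
                st["locked"] = True
            else:
                st["locked"] = now < generalized_time(locked_at) + timedelta(seconds=duration)
    return st
```

Run audit_policy on the parsed entry before loading it; an empty list means the entry matches the five requirements. password_state is the same arithmetic slapd applies, so it is a quick way to explain to a user why a bind is being refused without reading the server log.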