
OpenLDAP ppolicy

— snip /etc/ldap/slapd.conf —
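# ppolicy schema: the pwdPolicy object class and pwd* attributes used by the
# overlay and by default.ldif must be known before the overlay is loaded.
include /etc/ldap/schema/ppolicy.schema

# Load the overlay module (only needed when OpenLDAP was built with ppolicy as a
# dynamic module; a statically linked build ignores/does not need this line).
moduleload ppolicy.la
# Enable the password-policy overlay for the database this section belongs to.
overlay ppolicy
# Policy applied to every entry that has no pwdPolicySubentry of its own.
# The DN must be in plain ASCII double quotes; the typographic quotes in the
# original line would not be parsed as quoting.
ppolicy_default "cn=default,ou=PasswordPolicy,dc=patrick-preuss,dc=de"
# Controls *reporting* only: with this set, a bind against a locked account
# returns the AccountLocked error in the password-policy response control
# instead of a bare invalidCredentials. It does not switch lockout on - that is
# pwdLockout in the policy entry (FALSE in default.ldif below). slapo-ppolicy(5)
# flags this option as a risk because it lets any client learn which accounts
# are locked; leave it off unless clients need the distinction.
ppolicy_use_lockout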
— snip /etc/ldap/slapd.conf —

— snip default.ldif —
# Default password policy, referenced by ppolicy_default in slapd.conf.
# It applies to every entry without an explicit pwdPolicySubentry.
dn: cn=default,ou=PasswordPolicy,dc=patrick-preuss,dc=de
# pwdPolicy is AUXILIARY; 'device' only provides a STRUCTURAL class so the entry
# can exist at all (common idiom, it carries no meaning here).
objectClass: device
objectClass: pwdPolicy
objectClass: top
cn: default
# Attribute the policy governs.
pwdAttribute: userPassword
# Users may change their own password (subject to ACLs).
pwdAllowUserChange: TRUE
# 1 = check quality (e.g. pwdMinLength) when the cleartext is visible, but
# ACCEPT a password the server cannot check (pre-hashed values). Only 2 rejects
# uncheckable passwords, so pwdMinLength below is bypassable by sending a hash.
pwdCheckQuality: 1
# Seconds before expiry at which the expiring-warning control is sent (5 days).
pwdExpireWarning: 432000
# 0 = failure counter is only reset by a successful bind, never by time.
pwdFailureCountInterval: 0
# 0 = no grace binds once the password has expired.
pwdGraceAuthNLimit: 0
# 0 = no password history kept; immediate reuse of old passwords is allowed.
pwdInHistory: 0
# NOTE(review): lockout is DISABLED here. With pwdLockout FALSE the
# pwdMaxFailure / pwdLockoutDuration values below have no effect and
# ppolicy_use_lockout in slapd.conf has nothing to report. Set TRUE to enforce.
pwdLockout: FALSE
# Lockout length in seconds (32 min) once pwdLockout is TRUE; 0 would be permanent.
pwdLockoutDuration: 1920
# Maximum password age in seconds (87 days).
pwdMaxAge: 7516800
# Consecutive failed binds before lockout, once pwdLockout is TRUE.
pwdMaxFailure: 4
# Enforced only when pwdCheckQuality can see the cleartext (see above).
pwdMinLength: 6
# Password set/reset by an administrator must be changed at the next bind
# (the overlay marks the entry with pwdReset).
pwdMustChange: TRUE
# FALSE = the current password need not be supplied when changing it; a session
# that is already bound can replace the password without re-proving it.
pwdSafeModify: FALSE
— snip default.ldif —

— snip peruser.ldif —
# Per-user override: point one entry at a different policy than ppolicy_default.
# The referenced entry cn=noexpire is not shown on this page; it must exist under
# ou=PasswordPolicy and carry objectClass pwdPolicy, otherwise the overlay is
# expected to fall back to the default policy - confirm against slapo-ppolicy(5).
# pwdPolicySubentry is an operational attribute: the modifying identity needs
# write access to it (rootdn or an explicit ACL).
dn: cn=Patrick Marc Preuss,ou=People,dc=patrick-preuss,dc=de
changetype: modify
add: pwdPolicySubentry
pwdPolicySubentry: cn=noexpire,ou=PasswordPolicy,dc=patrick-preuss,dc=de
— snip peruser.ldif —