open-ldap-setup/pass.template.ldif

37 lines
979 B
Plaintext
Raw Normal View History

# load modules: pw-sha2, ppolicy, memberof
2024-03-28 21:28:27 +00:00
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: pw-sha2.la
olcModuleLoad: ppolicy.la
olcModuleLoad: memberof.la
2024-03-28 21:28:27 +00:00
# set default password hash to SSHA512
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
add: olcPasswordHash
olcPasswordHash: {SSHA512}
# add password policy to use SSHA512 hash
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: ppolicy
olcPPolicyDefault: cn=password,ou=policies,$BASE_DN
olcPPolicyHashCleartext: TRUE
olcPPolicyUseLockout: FALSE
olcPPolicyForwardUpdates: FALSE
# add memberof policy
dn: olcOverlay=memberof,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: memberof
olcMemberOfDangling: ignore
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf