Ppolicy Plugin

Functions of the plugin

  • Password aging (both minimum and maximum ages may be defined)
  • Password history to avoid re-use of the same password set within a time period
  • Password quality - new passwords may be checked for various characteristics
  • Maximum number of consecutive failed authentication attempts
  • Automatic account locking
  • Automatic or administrator action to unlock an account
  • Grace binds (allowing use of expired passwords for a limited number of attempts)
  • Password policies may be defined as being either DIT-wide or user specific

Installation ppolicy overlay

Debian
  • Install ppolicy plugin :
    apt-get install fusiondirectory-plugin-ppolicy*
  • Insert ppolicy schema:
    fusiondirectory-insert-schema -i /etc/ldap/schema/ppolicy.schema
    fusiondirectory-insert-schema -i /etc/ldap/schema/fusiondirectory/ppolicy-fd-conf.schema
  • Insert ppolicy module:
    ldapadd -Y EXTERNAL -H ldapi:// -f /usr/share/doc/fusiondirectory-plugin-ppolicy/ppolicymodule.ldif
  • Insert ppolicy config (modify the ldif for your database, hdb, mdb, … and your base):
    ldapadd -Y EXTERNAL -H ldapi:// -f /usr/share/doc/fusiondirectory-plugin-ppolicy/ppolicyconfig.ldif
RHEL / CentOS
  • Install ppolicy Plugin:
    yum install fusiondirectory-plugin-ppolicy
    yum install fusiondirectory-plugin-ppolicy-schema
  • Insert ppolicy schema:
    fusiondirectory-insert-schema -i /etc/openldap/schema/fusiondirectory/ppolicy.schema
    fusiondirectory-insert-schema -i /etc/openldap/schema/fusiondirectory/ppolicy-fd-conf.schema
  • Insert ppolicy module:
    ldapadd -Y EXTERNAL -H ldapi:// -f /usr/share/doc/fusiondirectory-plugin-ppolicy/ppolicymodule.ldif
  • Insert ppolicy config (modify the ldif for your database, hdb, mdb, … and your base):
    ldapadd -Y EXTERNAL -H ldapi:// -f /usr/share/doc/fusiondirectory-plugin-ppolicy/ppolicyconfig.ldif
en/documentation/plugin/ppolicy.txt · Last modified: 2017/10/31 10:32 (external edit)
CC Attribution-Share Alike 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0