From 3ac021d9220bde35ac74788506c89456c50be975 Mon Sep 17 00:00:00 2001
From: Markus Hauschild
Date: Wed, 11 Sep 2024 15:06:18 +0200
Subject: [PATCH] slapd: enable password policies

this will facilitate proper locking of accounts
---
 roles/slapd/templates/slapd.conf.j2 | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/roles/slapd/templates/slapd.conf.j2 b/roles/slapd/templates/slapd.conf.j2
index cd1f141..26a7eab 100644
--- a/roles/slapd/templates/slapd.conf.j2
+++ b/roles/slapd/templates/slapd.conf.j2
@@ -12,6 +12,7 @@ include /etc/ldap/schema/cosine.schema
 include /etc/ldap/schema/inetorgperson.schema
 include /etc/ldap/schema/kitchen.schema
 include /etc/ldap/schema/misc.schema
+include /etc/ldap/schema/namedobject.schema
 include /etc/ldap/schema/nis.schema
 include /etc/ldap/schema/openssh-lpk.schema
 include /etc/ldap/schema/radius.schema
@@ -31,6 +32,7 @@ loglevel sync
 # Load dynamic backend modules:
 modulepath /usr/lib/ldap
 moduleload back_mdb.la
+moduleload ppolicy.la
 {% if slapd_role == 'master' %}
 moduleload syncprov.la
 {% endif %}
@@ -134,6 +136,14 @@ index mail eq
 index mailAlternateAddress eq
 
 
+#######################################################################
+# Password Policies
+#######################################################################
+
+overlay ppolicy
+ppolicy_default "cn=pp-default,ou=policies,dc=binary-kitchen,dc=de"
+
+
 {% if slapd_role == 'master' %}
 #######################################################################
 # Replication
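Review bot: In the third hunk, `overlay ppolicy` and `ppolicy_default` are added outside the `{% if slapd_role == 'master' %}` guard, so replicas enable the overlay as well, yet nothing visible forwards their bind-failure state to the provider; as far as the hunk shows, each consumer would track `pwdFailureTime` locally and a lockout reached on one server would not hold on the others. If replicas accept binds, add `ppolicy_forward_updates` for the non-master role (slapo-ppolicy requires the chain overlay and an `updateref` for it, neither of which is visible here) or note in a comment why per-server counters are acceptable. The overlay also enforces no lockout unless the entry named by `ppolicy_default` exists with `pwdLockout: TRUE` and a non-zero `pwdMaxFailure`, and this patch does not provision it; I would add above the directive `# pp-default must exist with pwdLockout TRUE and pwdMaxFailure > 0, otherwise binds are never locked`.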