Add ppolicy overlay

README.md

@@ -48,7 +48,7 @@ $ docker build -t openldap .
 ```
 
 The result will be a Docker image built for the local system's architecture
-and stroed in the local Docker image list. Running said image would look like:
+and stored in the local Docker image list. Running said image would look like:
 
 ```sh
 $ docker run --rm -it -p 1389:389 openldap

bootstrap/config/ppolicy.ldif

@@ -0,0 +1,14 @@
+# Load ppolicy module
+dn: cn=module{0},cn=config
+changetype: modify
+add: olcModuleLoad
+olcModuleLoad: ppolicy
+
+# Backend ppolicy overlay
+dn: olcOverlay={2}ppolicy,olcDatabase={1}mdb,cn=config
+changetype: add
+objectClass: olcOverlayConfig
+objectClass: olcPPolicyConfig
+olcOverlay: {2}ppolicy
+olcPPolicyDefault: cn=default,ou=ppolicies,dc=planetexpress,dc=com
+olcPPolicyHashCleartext: TRUE

bootstrap/data/10_people_bender.ldif

@@ -492,4 +492,5 @@ ou: Delivering Crew
 uid: bender
 userPassword:: e3NzaGF9amxCTnNmVVdKK0tIWHprRFVuYTJSSTBjK09PNmlGdzAxZHd3K3c9P
  Q==
+pwdPolicySubentry: cn=robot,ou=ppolicies,dc=planetexpress,dc=com
 

bootstrap/data/50_ppolicies.ldif

@@ -0,0 +1,5 @@
+dn: ou=ppolicies,dc=planetexpress,dc=com
+objectClass: top
+objectClass: organizationalUnit
+description: Password policies
+ou: ppolicies

bootstrap/data/60_ppolicy_default.ldif

@@ -0,0 +1,19 @@
+dn: cn=default,ou=ppolicies,dc=planetexpress,dc=com
+objectClass: pwdPolicy
+objectClass: organizationalRole
+cn: default
+pwdAttribute: userPassword
+pwdAllowUserChange: TRUE
+pwdCheckQuality: 1
+pwdExpireWarning: 0
+pwdFailureCountInterval: 0
+pwdGraceAuthNLimit: 0
+pwdInHistory: 0
+pwdLockout: FALSE
+pwdLockoutDuration: 0
+pwdMaxAge: 0
+pwdMaxFailure: 0
+pwdMinAge: 0
+pwdMinLength: 0
+pwdMustChange: FALSE
+pwdSafeModify: FALSE

bootstrap/data/60_ppolicy_robot.ldif

@@ -0,0 +1,19 @@
+dn: cn=robot,ou=ppolicies,dc=planetexpress,dc=com
+objectClass: pwdPolicy
+objectClass: organizationalRole
+cn: robot
+pwdAttribute: userPassword
+pwdAllowUserChange: TRUE
+pwdCheckQuality: 1
+pwdExpireWarning: 1001
+pwdFailureCountInterval: 0
+pwdGraceAuthNLimit: 0
+pwdInHistory: 0
+pwdLockout: FALSE
+pwdLockoutDuration: 0
+pwdMaxAge: 1000
+pwdMaxFailure: 0
+pwdMinAge: 0
+pwdMinLength: 0
+pwdMustChange: TRUE
+pwdSafeModify: FALSE

bootstrap/slapd-init.sh

@@ -91,6 +91,11 @@ configure_memberof_overlay(){
   ldapmodify -Y EXTERNAL -H ldapi:/// -f ${CONFIG_DIR}/memberof.ldif -Q
 }
 
+configure_ppolicy_overlay(){
+    echo "Configure ppolicy overlay..."
+    ldapmodify -Y EXTERNAL -H ldapi:/// -f ${CONFIG_DIR}/ppolicy.ldif -Q
+}
+
 load_initial_data() {
     echo "Load data..."
     local data=$(find ${DATA_DIR} -maxdepth 1 -name \*_\*.ldif -type f | sort)
@@ -125,6 +130,7 @@ configure_msad_features
 configure_tls
 configure_logging
 configure_memberof_overlay
+configure_ppolicy_overlay
 load_initial_data
 
 kill -INT `cat /run/slapd/slapd.pid`