OpenLDAP Dual Master Compilation and Installation

Read

BerkeleyDB installation:

 <trans data-src="$ yum install gcc gcc-c++ gcc-objc gcc-objc++ libobjc openssl openssl-devel libtool-ltdl-devel openldap-devel">$ yum install gcc gcc-c++ gcc-objc gcc-objc++ libobjc openssl openssl-devel libtool-ltdl-devel openldap-devel</trans> <trans data-src="#$ yum install libacl-devel libblkid-devel gnutls-devel readline-devel python-devel autoconf gcc-c++ gcc glibc-devel glibc-headers kernel-headers libgomp libstdc++-devel openssl-devel e2fsprogs-devel keyutils-libs-devel krb5-devel libselinux-devel libsepol-devel libtool-ltdl-devel">#$ yum install libacl-devel libblkid-devel gnutls-devel readline-devel python-devel autoconf gcc-c++ gcc glibc-devel glibc-headers kernel-headers libgomp libstdc++-devel openssl-devel e2fsprogs-devel keyutils-libs-devel krb5-devel libselinux-devel libsepol-devel libtool-ltdl-devel</trans> <trans data-src="$ wget ">$ wget </trans> <trans data-src="http://download.oracle.com/berkeley-db/db-5.1.29.tar.gz">http://download.oracle.com/berkeley-db/db-5.1.29.tar.gz</trans> <trans data-src="$ tar zxf db-5.1.29.tar.gz ">$ tar zxf db-5.1.29.tar.gz </trans> <trans data-src="$ cd db-5.1.29/build_unix/">$ cd db-5.1.29/build_unix/</trans> <trans data-src="$ ../">$ ../</trans> <trans data-src="dist/configure ">dist/configure </trans> <trans data-src="$ make && make install">$ make && make install</trans> <trans data-src="$ echo "/usr/local/BerkeleyDB.5.1/lib/" >> /etc/ld.so.conf                    ">$ echo "/usr/local/BerkeleyDB.5.1/lib/" >> /etc/ld.so.conf                    </trans> <trans data-src="$ ldconfig ">$ ldconfig </trans> <trans data-src="$ ldconfig -v">$ ldconfig -v</trans>

zero

one

two

three

four

five

six

seven

eight

nine

$ yum install gcc gcc - c ++ gcc - objc gcc - objc ++ libobjc openssl openssl - devel libtool - ltdl - devel openldap - devel

#$ yum install libacl-devel libblkid-devel gnutls-devel readline-devel python-devel autoconf gcc-c++ gcc glibc-devel glibc-headers kernel-headers libgomp libstdc++-devel openssl-devel e2fsprogs-devel keyutils-libs-devel krb5-devel libselinux-devel libsepol-devel libtool-ltdl-devel

$ wget http : //download.oracle.com/berkeley-db/db-5.1.29.tar.gz

$ tar zxf db - 5.1.29.tar.gz

$ cd db - 5.1.29 / build_unix /

$ . . / dist / configure

$ make && make install

$ echo "/usr/local/BerkeleyDB.5.1/lib/" > > / etc / ld . so . conf

$ ldconfig

$ ldconfig - v

OpenLDAP installation:

 <trans data-src="$ wget ">$ wget </trans> <trans data-src="ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.48.tgz">ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.48.tgz</trans> <trans data-src="$ tar zxf openldap-2.4.48.tgz">$ tar zxf openldap-2.4.48.tgz</trans> <trans data-src="$ cd openldap-2.4.48">$ cd openldap-2.4.48</trans> <trans data-src="$ env CPPFLAGS="-I/usr/local/BerkeleyDB.5.1/include" LDFLAGS="-L/usr/local/BerkeleyDB.5.1/lib -D_GNU_SOURCE" ./">$ env CPPFLAGS="-I/usr/local/BerkeleyDB.5.1/include" LDFLAGS="-L/usr/local/BerkeleyDB.5.1/lib -D_GNU_SOURCE" ./</trans> <trans data-src="configure --prefix=/opt/openldap-2.4.48 --enable-overlays=mod --enable-modules --enable-bdb --enable-mdb --with-tls --enable-crypt --enable-accesslog --enable-auditlog --enable-collect --enable-memberof --enable-syncprov">configure --prefix=/opt/openldap-2.4.48 --enable-overlays=mod --enable-modules --enable-bdb --enable-mdb --with-tls --enable-crypt --enable-accesslog --enable-auditlog --enable-collect --enable-memberof --enable-syncprov</trans> <trans data-src="$ make depend && make && make install">$ make depend && make && make install</trans> <trans data-src="$ for i in `ls -l /usr/local/openldap/bin/ | awk '{print $9}' | grep -v ^$`;">$ for i in `ls -l /usr/local/openldap/bin/ | awk '{print $9}' | grep -v ^$`;</trans> <trans data-src="do ln -s /usr/local/openldap/bin/$i /usr/local/bin/$i;done">do ln -s /usr/local/openldap/bin/$i /usr/local/bin/$i;done</trans> <trans data-src="$ for i in `ls -l /usr/local/openldap/sbin/ | awk '{print $9}' | grep -v ^$`;">$ for i in `ls -l /usr/local/openldap/sbin/ | awk '{print $9}' | grep -v ^$`;</trans> <trans data-src="do ln -s /usr/local/openldap/sbin/$i /usr/local/sbin/$i;done">do ln -s /usr/local/openldap/sbin/$i /usr/local/sbin/$i;done</trans> <trans data-src="$ ln -s /usr/local/openldap/include/* /usr/local/include/">$ ln -s /usr/local/openldap/include/* /usr/local/include/</trans>

zero

one

two

three

four

five

six

seven

$ wget ftp : //ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.48.tgz

$ tar zxf openldap - 2.4.48.tgz

$ cd openldap - 2.4.48

$ env CPPFLAGS = "-I/usr/local/BerkeleyDB.5.1/include" LDFLAGS = "-L/usr/local/BerkeleyDB.5.1/lib -D_GNU_SOURCE" . / configure -- prefix =/ opt / openldap - 2.4.48 -- enable - overlays = mod -- enable - modules -- enable - bdb -- enable - mdb -- with - tls -- enable - crypt -- enable - accesslog -- enable - auditlog -- enable - collect -- enable - memberof -- enable - syncprov

$ make depend && make && make install

$ for i in `ls -l /usr/local/openldap/bin/ | awk '{print $9}' | grep -v ^$`; do ln - s / usr / local / openldap / bin / $ i / usr / local / bin / $ i ; done

$ for i in ` ls - l / usr / local / openldap / sbin / | awk '{print $9}' | grep - v ^ $ ` ; do ln - s / usr / local / openldap / sbin / $ i / usr / local / sbin / $ i ; done

$ ln - s / usr / local / openldap / include /* / usr / local / include /

Profile:

Openldap configuration file: SourceByrd's Weblog- https://note.t4x.org/project/openldap-master-configure/
M1:

<trans data-src="# egrep -v "#|^$" /usr/local/openldap/etc/openldap/slapd.conf"># egrep -v "#|^$" /usr/local/openldap/etc/openldap/slapd.conf</trans> <trans data-src="include /usr/local/openldap/etc/openldap/schema/corba.schema">include /usr/local/openldap/etc/openldap/schema/corba.schema</trans> <trans data-src="include /usr/local/openldap/etc/openldap/schema/core.schema">include /usr/local/openldap/etc/openldap/schema/core.schema</trans> <trans data-src="include /usr/local/openldap/etc/openldap/schema/cosine.schema">include /usr/local/openldap/etc/openldap/schema/cosine.schema</trans> <trans data-src="include /usr/local/openldap/etc/openldap/schema/duaconf.schema">include /usr/local/openldap/etc/openldap/schema/duaconf.schema</trans> <trans data-src="include /usr/local/openldap/etc/openldap/schema/dyngroup.schema">include /usr/local/openldap/etc/openldap/schema/dyngroup.schema</trans> <trans data-src="include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema">include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema</trans> <trans data-src="include /usr/local/openldap/etc/openldap/schema/java.schema">include /usr/local/openldap/etc/openldap/schema/java.schema</trans> <trans data-src="include /usr/local/openldap/etc/openldap/schema/misc.schema">include /usr/local/openldap/etc/openldap/schema/misc.schema</trans> <trans data-src="include /usr/local/openldap/etc/openldap/schema/nis.schema">include /usr/local/openldap/etc/openldap/schema/nis.schema</trans> <trans data-src="include /usr/local/openldap/etc/openldap/schema/openldap.schema">include /usr/local/openldap/etc/openldap/schema/openldap.schema</trans> <trans data-src="include /usr/local/openldap/etc/openldap/schema/ppolicy.schema">include /usr/local/openldap/etc/openldap/schema/ppolicy.schema</trans> <trans data-src="include /usr/local/openldap/etc/openldap/schema/collective.schema">include /usr/local/openldap/etc/openldap/schema/collective.schema</trans> <trans data-src="pidfile /opt/openldap-2.4.48/var/run/slapd.pid">pidfile /opt/openldap-2.4.48/var/run/slapd.pid</trans> <trans data-src="argsfile /opt/openldap-2.4.48/var/run/slapd.args">argsfile /opt/openldap-2.4.48/var/run/slapd.args</trans> <trans data-src="serverID 1">serverID 1</trans> <trans data-src="modulepath /opt/openldap-2.4.48/libexec/openldap">modulepath /opt/openldap-2.4.48/libexec/openldap</trans> <trans data-src="moduleload ppolicy.la">moduleload ppolicy.la</trans> <trans data-src="access to *">access to *</trans> <trans data-src="by self write">by self write</trans> <trans data-src="by anonymous auth">by anonymous auth</trans> <trans data-src="by * read">by * read</trans> <trans data-src="database mdb">database mdb</trans> <trans data-src="maxsize 1073741824">maxsize 1073741824</trans> <trans data-src="suffix ">suffix </trans> <trans data-src=""dc=ldap,dc=t4x,dc=org"">"dc=ldap,dc=t4x,dc=org"</trans> <trans data-src="checkpoint 2048 10">checkpoint 2048 10</trans> <trans data-src="rootdn ">rootdn </trans> <trans data-src=""cn=admin,dc=ldap,dc=t4x,dc=org"">"cn=admin,dc=ldap,dc=t4x,dc=org"</trans> <trans data-src="directory /opt/openldap-2.4.48/var/openldap-data">directory /opt/openldap-2.4.48/var/openldap-data</trans> <trans data-src="syncrepl rid=001">syncrepl rid=001</trans> <trans data-src="provider=">provider=</trans> <trans data-src="ldap://192.168.227.34">ldap://192.168.227.34</trans> <trans data-src="binddn="cn=admin,dc=ldap,dc=t4x,dc=org"">binddn="cn=admin,dc=ldap,dc=t4x,dc=org"</trans> <trans data-src="bindmethod=simple">bindmethod=simple</trans> <trans data-src="credentials=admin">credentials=admin</trans> <trans data-src="searchbase="dc=ldap,dc=t4x,dc=org"">searchbase="dc=ldap,dc=t4x,dc=org"</trans> <trans data-src="schemachecking=off">schemachecking=off</trans> <trans data-src="type=refreshAndPersist">type=refreshAndPersist</trans> <trans data-src="retry="60 +"">retry="60 +"</trans> <trans data-src="TLSCACertificatePath /usr/local/openldap/ssl/">TLSCACertificatePath /usr/local/openldap/ssl/</trans> <trans data-src="TLSCertificateFile "\"OpenLDAP Server\""">TLSCertificateFile "\"OpenLDAP Server\""</trans> <trans data-src="TLSCACertificateFile /usr/local/openldap/ssl/cacert.pem">TLSCACertificateFile /usr/local/openldap/ssl/cacert.pem</trans> <trans data-src="TLSCertificateFile /usr/local/openldap/ssl/ldapcert.pem">TLSCertificateFile /usr/local/openldap/ssl/ldapcert.pem</trans> <trans data-src="TLSCertificateKeyFile /usr/local/openldap/ssl/ldapkey.pem">TLSCertificateKeyFile /usr/local/openldap/ssl/ldapkey.pem</trans> <trans data-src="TlsVerifyClient never">TlsVerifyClient never</trans> <trans data-src="index objectClass eq,pres">index objectClass eq,pres</trans> <trans data-src="index ou,cn,mail,surname,givenname eq,pres,sub">index ou,cn,mail,surname,givenname eq,pres,sub</trans> <trans data-src="index uidNumber,gidNumber,loginShell eq,pres">index uidNumber,gidNumber,loginShell eq,pres</trans> <trans data-src="index uid,memberUid eq,pres,sub">index uid,memberUid eq,pres,sub</trans> <trans data-src="index nisMapName,nisMapEntry eq,pres,sub">index nisMapName,nisMapEntry eq,pres,sub</trans> <trans data-src="loglevel 296">loglevel 296</trans> <trans data-src="rootpw ">rootpw </trans> <trans data-src="{SSHA}iMgn">{SSHA}iMgn</trans> <trans data-src="+YhiZm1O9QB6BBZuOS+ko/Gb/262">+YhiZm1O9QB6BBZuOS+ko/Gb/262</trans> <trans data-src="mirrormode TRUE">mirrormode TRUE</trans> <trans data-src="overlay syncprov">overlay syncprov</trans> <trans data-src="syncprov-nopresent TRUE">syncprov-nopresent TRUE</trans> <trans data-src="syncprov-reloadhint TRUE">syncprov-reloadhint TRUE</trans> <trans data-src="syncprov-checkpoint 100 2 ">syncprov-checkpoint 100 2 </trans> <trans data-src="overlay ppolicy">overlay ppolicy</trans> <trans data-src="password-hash {SSHA}">password-hash {SSHA}</trans> <trans data-src="ppolicy_default cn=security,ou=Policies,dc=ldap,dc=t4x,dc=org">ppolicy_default cn=security,ou=Policies,dc=ldap,dc=t4x,dc=org</trans> <trans data-src="ppolicy_hash_cleartext">ppolicy_hash_cleartext</trans> <trans data-src="ppolicy_use_lockout">ppolicy_use_lockout</trans>

zero
one
two
three
four
five
six
seven
eight
nine
ten
eleven
twelve
thirteen
fourteen
fifteen
sixteen
seventeen
eighteen
nineteen
twenty
twenty-one
twenty-two
twenty-three
twenty-four
twenty-five
twenty-six
twenty-seven
twenty-eight
twenty-nine
thirty
thirty-one
thirty-two
thirty-three
thirty-four
thirty-five
thirty-six
thirty-seven
thirty-eight
thirty-nine
forty
forty-one
forty-two
forty-three
forty-four
forty-five
forty-six
forty-seven
forty-eight
forty-nine
fifty
fifty-one
fifty-two
fifty-three
fifty-four
fifty-five
fifty-six
fifty-seven
fifty-eight
fifty-nine
sixty

# egrep -v "#|^$" /usr/local/openldap/etc/openldap/slapd.conf
include          / usr / local / openldap / etc / openldap / schema / corba . schema
include          / usr / local / openldap / etc / openldap / schema / core . schema
include          / usr / local / openldap / etc / openldap / schema / cosine . schema
include          / usr / local / openldap / etc / openldap / schema / duaconf . schema
include          / usr / local / openldap / etc / openldap / schema / dyngroup . schema
include          / usr / local / openldap / etc / openldap / schema / inetorgperson . schema
include          / usr / local / openldap / etc / openldap / schema / java . schema
include          / usr / local / openldap / etc / openldap / schema / misc . schema
include          / usr / local / openldap / etc / openldap / schema / nis . schema
include          / usr / local / openldap / etc / openldap / schema / openldap . schema
include          / usr / local / openldap / etc / openldap / schema / ppolicy . schema
include          / usr / local / openldap / etc / openldap / schema / collective . schema
pidfile          / opt / openldap - 2.4.48 / var / run / slapd . pid
argsfile          / opt / openldap - 2.4.48 / var / run / slapd . args
serverID one
modulepath        / opt / openldap - 2.4.48 / libexec / openldap
moduleload       ppolicy . la
access to *
     by self write
     by anonymous auth
     by * read
database         mdb
maxsize          one billion seventy-three million seven hundred and forty-one thousand eight hundred and twenty-four
suffix            "dc=ldap,dc=t4x,dc=org"
checkpoint        two thousand and forty-eight ten
rootdn            "cn=admin,dc=ldap,dc=t4x,dc=org"
directory        / opt / openldap - 2.4.48 / var / openldap - data
syncrepl rid = 001
     provider = ldap : //192.168.227.34
     binddn = "cn=admin,dc=ldap,dc=t4x,dc=org"
     bindmethod = simple
     credentials = admin
     searchbase = "dc=ldap,dc=t4x,dc=org"
     schemachecking = off
     type = refreshAndPersist
     retry = "60 +"
TLSCACertificatePath / usr / local / openldap / ssl /
TLSCertificateFile "\"OpenLDAP Server\""
TLSCACertificateFile / usr / local / openldap / ssl / cacert . pem
TLSCertificateFile / usr / local / openldap / ssl / ldapcert . pem
TLSCertificateKeyFile    / usr / local / openldap / ssl / ldapkey . pem
TlsVerifyClient never
index objectClass                       eq , pres
index ou , cn , mail , surname , givenname       eq , pres , sub
index uidNumber , gidNumber , loginShell     eq , pres
index uid , memberUid                     eq , pres , sub
index nisMapName , nisMapEntry             eq , pres , sub
loglevel      two hundred and ninety-six
rootpw    { SSHA } iMgn + YhiZm1O9QB6BBZuOS + ko / Gb / two hundred and sixty-two
mirrormode TRUE
overlay syncprov
syncprov - nopresent TRUE
syncprov - reloadhint TRUE
syncprov - checkpoint one hundred two

overlay ppolicy
password - hash { SSHA }
ppolicy_default cn = security , ou = Policies , dc = ldap , dc = t4x , dc = org
ppolicy_hash_cleartext
ppolicy_use_lockout

M2:

<trans data-src="# egrep -v "#|^$" /usr/local/openldap/etc/openldap/slapd.conf"># egrep -v "#|^$" /usr/local/openldap/etc/openldap/slapd.conf</trans> <trans data-src="include /usr/local/openldap/etc/openldap/schema/corba.schema">include /usr/local/openldap/etc/openldap/schema/corba.schema</trans> <trans data-src="include /usr/local/openldap/etc/openldap/schema/core.schema">include /usr/local/openldap/etc/openldap/schema/core.schema</trans> <trans data-src="include /usr/local/openldap/etc/openldap/schema/cosine.schema">include /usr/local/openldap/etc/openldap/schema/cosine.schema</trans> <trans data-src="include /usr/local/openldap/etc/openldap/schema/duaconf.schema">include /usr/local/openldap/etc/openldap/schema/duaconf.schema</trans> <trans data-src="include /usr/local/openldap/etc/openldap/schema/dyngroup.schema">include /usr/local/openldap/etc/openldap/schema/dyngroup.schema</trans> <trans data-src="include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema">include /usr/local/openldap/etc/openldap/schema/inetorgperson.schema</trans> <trans data-src="include /usr/local/openldap/etc/openldap/schema/java.schema">include /usr/local/openldap/etc/openldap/schema/java.schema</trans> <trans data-src="include /usr/local/openldap/etc/openldap/schema/misc.schema">include /usr/local/openldap/etc/openldap/schema/misc.schema</trans> <trans data-src="include /usr/local/openldap/etc/openldap/schema/nis.schema">include /usr/local/openldap/etc/openldap/schema/nis.schema</trans> <trans data-src="include /usr/local/openldap/etc/openldap/schema/openldap.schema">include /usr/local/openldap/etc/openldap/schema/openldap.schema</trans> <trans data-src="include /usr/local/openldap/etc/openldap/schema/ppolicy.schema">include /usr/local/openldap/etc/openldap/schema/ppolicy.schema</trans> <trans data-src="include /usr/local/openldap/etc/openldap/schema/collective.schema">include /usr/local/openldap/etc/openldap/schema/collective.schema</trans> <trans data-src="pidfile /opt/openldap-2.4.48/var/run/slapd.pid">pidfile /opt/openldap-2.4.48/var/run/slapd.pid</trans> <trans data-src="argsfile /opt/openldap-2.4.48/var/run/slapd.args">argsfile /opt/openldap-2.4.48/var/run/slapd.args</trans> <trans data-src="serverID 2">serverID 2</trans> <trans data-src="modulepath /opt/openldap-2.4.48/libexec/openldap">modulepath /opt/openldap-2.4.48/libexec/openldap</trans> <trans data-src="moduleload ppolicy.la">moduleload ppolicy.la</trans> <trans data-src="access to *">access to *</trans> <trans data-src="by self write">by self write</trans> <trans data-src="by anonymous auth">by anonymous auth</trans> <trans data-src="by * read">by * read</trans> <trans data-src="database mdb">database mdb</trans> <trans data-src="maxsize 1073741824">maxsize 1073741824</trans> <trans data-src="suffix ">suffix </trans> <trans data-src=""dc=ldap,dc=t4x,dc=org"">"dc=ldap,dc=t4x,dc=org"</trans> <trans data-src="checkpoint 2048 10">checkpoint 2048 10</trans> <trans data-src="rootdn ">rootdn </trans> <trans data-src=""cn=admin,dc=ldap,dc=t4x,dc=org"">"cn=admin,dc=ldap,dc=t4x,dc=org"</trans> <trans data-src="directory /opt/openldap-2.4.48/var/openldap-data">directory /opt/openldap-2.4.48/var/openldap-data</trans> <trans data-src="syncrepl rid=001">syncrepl rid=001</trans> <trans data-src="provider=">provider=</trans> <trans data-src="ldap://192.168.227.33">ldap://192.168.227.33</trans> <trans data-src="binddn="cn=admin,dc=ldap,dc=t4x,dc=org"">binddn="cn=admin,dc=ldap,dc=t4x,dc=org"</trans> <trans data-src="bindmethod=simple">bindmethod=simple</trans> <trans data-src="credentials=admin">credentials=admin</trans> <trans data-src="searchbase="dc=ldap,dc=t4x,dc=org"">searchbase="dc=ldap,dc=t4x,dc=org"</trans> <trans data-src="schemachecking=off">schemachecking=off</trans> <trans data-src="type=refreshAndPersist">type=refreshAndPersist</trans> <trans data-src="retry="60 +"">retry="60 +"</trans> <trans data-src="TLSCACertificatePath /usr/local/openldap/ssl/">TLSCACertificatePath /usr/local/openldap/ssl/</trans> <trans data-src="TLSCertificateFile "\"OpenLDAP Server\""">TLSCertificateFile "\"OpenLDAP Server\""</trans> <trans data-src="TLSCACertificateFile /usr/local/openldap/ssl/cacert.pem">TLSCACertificateFile /usr/local/openldap/ssl/cacert.pem</trans> <trans data-src="TLSCertificateFile /usr/local/openldap/ssl/ldapcert.pem">TLSCertificateFile /usr/local/openldap/ssl/ldapcert.pem</trans> <trans data-src="TLSCertificateKeyFile /usr/local/openldap/ssl/ldapkey.pem">TLSCertificateKeyFile /usr/local/openldap/ssl/ldapkey.pem</trans> <trans data-src="TlsVerifyClient never">TlsVerifyClient never</trans> <trans data-src="index objectClass eq,pres">index objectClass eq,pres</trans> <trans data-src="index ou,cn,mail,surname,givenname eq,pres,sub">index ou,cn,mail,surname,givenname eq,pres,sub</trans> <trans data-src="index uidNumber,gidNumber,loginShell eq,pres">index uidNumber,gidNumber,loginShell eq,pres</trans> <trans data-src="index uid,memberUid eq,pres,sub">index uid,memberUid eq,pres,sub</trans> <trans data-src="index nisMapName,nisMapEntry eq,pres,sub">index nisMapName,nisMapEntry eq,pres,sub</trans> <trans data-src="loglevel 296">loglevel 296</trans> <trans data-src="mirrormode TRUE">mirrormode TRUE</trans> <trans data-src="overlay syncprov">overlay syncprov</trans> <trans data-src="syncprov-nopresent TRUE">syncprov-nopresent TRUE</trans> <trans data-src="syncprov-reloadhint TRUE">syncprov-reloadhint TRUE</trans> <trans data-src="syncprov-checkpoint 100 2 ">syncprov-checkpoint 100 2 </trans> <trans data-src="rootpw ">rootpw </trans> <trans data-src="{SSHA}KYesbO2q8mGAfXfTSjGgaOEI">{SSHA}KYesbO2q8mGAfXfTSjGgaOEI</trans> <trans data-src="+j5bdfRa">+j5bdfRa</trans> <trans data-src="overlay ppolicy">overlay ppolicy</trans> <trans data-src="password-hash {SSHA}">password-hash {SSHA}</trans> <trans data-src="ppolicy_default cn=security,ou=Policies,dc=ldap,dc=t4x,dc=org">ppolicy_default cn=security,ou=Policies,dc=ldap,dc=t4x,dc=org</trans> <trans data-src="ppolicy_hash_cleartext">ppolicy_hash_cleartext</trans> <trans data-src="ppolicy_use_lockout">ppolicy_use_lockout</trans>

zero
one
two
three
four
five
six
seven
eight
nine
ten
eleven
twelve
thirteen
fourteen
fifteen
sixteen
seventeen
eighteen
nineteen
twenty
twenty-one
twenty-two
twenty-three
twenty-four
twenty-five
twenty-six
twenty-seven
twenty-eight
twenty-nine
thirty
thirty-one
thirty-two
thirty-three
thirty-four
thirty-five
thirty-six
thirty-seven
thirty-eight
thirty-nine
forty
forty-one
forty-two
forty-three
forty-four
forty-five
forty-six
forty-seven
forty-eight
forty-nine
fifty
fifty-one
fifty-two
fifty-three
fifty-four
fifty-five
fifty-six
fifty-seven
fifty-eight
fifty-nine
sixty

# egrep -v "#|^$" /usr/local/openldap/etc/openldap/slapd.conf
include          / usr / local / openldap / etc / openldap / schema / corba . schema
include          / usr / local / openldap / etc / openldap / schema / core . schema
include          / usr / local / openldap / etc / openldap / schema / cosine . schema
include          / usr / local / openldap / etc / openldap / schema / duaconf . schema
include          / usr / local / openldap / etc / openldap / schema / dyngroup . schema
include          / usr / local / openldap / etc / openldap / schema / inetorgperson . schema
include          / usr / local / openldap / etc / openldap / schema / java . schema
include          / usr / local / openldap / etc / openldap / schema / misc . schema
include          / usr / local / openldap / etc / openldap / schema / nis . schema
include          / usr / local / openldap / etc / openldap / schema / openldap . schema
include          / usr / local / openldap / etc / openldap / schema / ppolicy . schema
include          / usr / local / openldap / etc / openldap / schema / collective . schema
pidfile          / opt / openldap - 2.4.48 / var / run / slapd . pid
argsfile          / opt / openldap - 2.4.48 / var / run / slapd . args
serverID two
modulepath      / opt / openldap - 2.4.48 / libexec / openldap
moduleload     ppolicy . la
access to *
     by self write
     by anonymous auth
     by * read
database         mdb
maxsize          one billion seventy-three million seven hundred and forty-one thousand eight hundred and twenty-four
suffix            "dc=ldap,dc=t4x,dc=org"
checkpoint        two thousand and forty-eight ten
rootdn            "cn=admin,dc=ldap,dc=t4x,dc=org"
directory        / opt / openldap - 2.4.48 / var / openldap - data
syncrepl rid = 001
     provider = ldap : //192.168.227.33
     binddn = "cn=admin,dc=ldap,dc=t4x,dc=org"
     bindmethod = simple
     credentials = admin
     searchbase = "dc=ldap,dc=t4x,dc=org"
     schemachecking = off
     type = refreshAndPersist
     retry = "60 +"
TLSCACertificatePath / usr / local / openldap / ssl /
TLSCertificateFile "\"OpenLDAP Server\""
TLSCACertificateFile / usr / local / openldap / ssl / cacert . pem
TLSCertificateFile / usr / local / openldap / ssl / ldapcert . pem
TLSCertificateKeyFile    / usr / local / openldap / ssl / ldapkey . pem
TlsVerifyClient never
index objectClass                       eq , pres
index ou , cn , mail , surname , givenname       eq , pres , sub
index uidNumber , gidNumber , loginShell     eq , pres
index uid , memberUid                     eq , pres , sub
index nisMapName , nisMapEntry             eq , pres , sub
loglevel      two hundred and ninety-six
mirrormode TRUE
overlay syncprov
syncprov - nopresent TRUE
syncprov - reloadhint TRUE
syncprov - checkpoint one hundred two
rootpw    { SSHA } KYesbO2q8mGAfXfTSjGgaOEI + j5bdfRa

overlay ppolicy
password - hash { SSHA }
ppolicy_default cn = security , ou = Policies , dc = ldap , dc = t4x , dc = org
ppolicy_hash_cleartext
ppolicy_use_lockout

SourceByrd's Weblog- https://note.t4x.org/project/openldap-master-configure/

Admin import:

<trans data-src="$ ldapadd -x -D "cn=admin,dc=ldap,dc=t4x,dc=org" -W -f admin.ldif">$ ldapadd -x -D "cn=admin,dc=ldap,dc=t4x,dc=org" -W -f admin.ldif</trans> <trans data-src="$ cat /usr/local/openldap/etc/openldap/admin.ldif ">$ cat /usr/local/openldap/etc/openldap/admin.ldif </trans> <trans data-src="dn: dc=ldap,dc=t4x,dc=org">dn: dc=ldap,dc=t4x,dc=org</trans> <trans data-src="objectclass: dcObject">objectclass: dcObject</trans> <trans data-src="objectclass: organization">objectclass: organization</trans> <trans data-src="o: T4X.Inc">o: T4X.Inc</trans> <trans data-src="dc: ldap">dc: ldap</trans> <trans data-src="dn: cn=admin,dc=ldap,dc=t4x,dc=org">dn: cn=admin,dc=ldap,dc=t4x,dc=org</trans> <trans data-src="objectclass: organizationalRole">objectclass: organizationalRole</trans> <trans data-src="cn: admin">cn: admin</trans>

zero
one
two
three
four
five
six
seven
eight
nine
ten

$ ldapadd - x - D "cn=admin,dc=ldap,dc=t4x,dc=org" - W - f admin . ldif
$ cat / usr / local / openldap / etc / openldap / admin . ldif
dn : dc = ldap , dc = t4x , dc = org
objectclass : dcObject
objectclass : organization
o : T4X . Inc
dc : ldap

dn : cn = admin , dc = ldap , dc = t4x , dc = org
objectclass : organizationalRole
cn : admin

OU people import:

<trans data-src="$ ldapadd -x -D "cn=Manage,dc=ldap,dc=t4x,dc=org" -W -f people.ldif">$ ldapadd -x -D "cn=Manage,dc=ldap,dc=t4x,dc=org" -W -f people.ldif</trans> <trans data-src="$ cat /usr/local/openldap/etc/openldap/people.lidf ">$ cat /usr/local/openldap/etc/openldap/people.lidf </trans> <trans data-src="dn: ou=People,dc=ldap,dc=t4x,dc=org">dn: ou=People,dc=ldap,dc=t4x,dc=org</trans> <trans data-src="objectClass: organizationalUnit">objectClass: organizationalUnit</trans> <trans data-src="ou: People">ou: People</trans>

zero
one
two
three
four

$ ldapadd - x - D "cn=Manage,dc=ldap,dc=t4x,dc=org" - W - f people . ldif
$ cat / usr / local / openldap / etc / openldap / people . lidf
dn : ou = People , dc = ldap , dc = t4x , dc = org
objectClass : organizationalUnit
ou : People

Ordinary user import:

<trans data-src="# cat /usr/local/openldap/etc/openldap/byrd.lidf "># cat /usr/local/openldap/etc/openldap/byrd.lidf </trans> <trans data-src="dn: uid=zane,ou=People,dc=ldap,dc=t4x,dc=org">dn: uid=zane,ou=People,dc=ldap,dc=t4x,dc=org</trans> <trans data-src="objectClass: posixAccount">objectClass: posixAccount</trans> <trans data-src="objectClass: inetOrgPerson">objectClass: inetOrgPerson</trans> <trans data-src="objectClass: organizationalPerson">objectClass: organizationalPerson</trans> <trans data-src="objectClass: person">objectClass: person</trans> <trans data-src="homeDirectory: /home/byrd">homeDirectory: /home/byrd</trans> <trans data-src="loginShell: /bin/byrd">loginShell: /bin/byrd</trans> <trans data-src="cn: byrd">cn: byrd</trans> <trans data-src="sn: byrd">sn: byrd</trans> <trans data-src="description: CTO">description: CTO</trans> <trans data-src="userPassword:: e1NTSEF9RnNaUHFGQVJmUTRlZEtNS2FKQUxGKy9KaUZqT2dvSW0=">userPassword:: e1NTSEF9RnNaUHFGQVJmUTRlZEtNS2FKQUxGKy9KaUZqT2dvSW0=</trans>

zero
one
two
three
four
five
six
seven
eight
nine
ten
eleven

# cat /usr/local/openldap/etc/openldap/byrd.lidf
dn : uid = zane , ou = People , dc = ldap , dc = t4x , dc = org
objectClass : posixAccount
objectClass : inetOrgPerson
objectClass : organizationalPerson
objectClass : person
homeDirectory : / home / byrd
loginShell : / bin / byrd
cn : byrd
sn : byrd
description : CTO
userPassword : : e1NTSEF9RnNaUHFGQVJmUTRlZEtNS2FKQUxGKy9KaUZqT2dvSW0 =

SourceByrd's Weblog- https://note.t4x.org/project/openldap-master-configure/

Install pqchecker:

 <trans data-src="$ git clone ">$ git clone </trans> <trans data-src="https://bitbucket.org/ameddeb/pqchecker.git">https://bitbucket.org/ameddeb/pqchecker.git</trans> <trans data-src="$ cd pqchecker/">$ cd pqchecker/</trans> <trans data-src="$ sh ./">$ sh ./</trans> <trans data-src="adjustdate.bash">adjustdate.bash</trans> <trans data-src="$ ./">$ ./</trans> <trans data-src="configure LDAPSRC=/byrd/tools/openldap-2.4.48 JAVAHOME=/opt/jdk1.8.0_191 libdir=/usr/local/openldap/libexec/openldap/ PARAMDIR=/etc/openldap/pqchecker">configure LDAPSRC=/byrd/tools/openldap-2.4.48 JAVAHOME=/opt/jdk1.8.0_191 libdir=/usr/local/openldap/libexec/openldap/ PARAMDIR=/etc/openldap/pqchecker</trans> <trans data-src="$ make && make install">$ make && make install</trans>

zero

one

two

three

four

$ git clone https : //bitbucket.org/ameddeb/pqchecker.git

$ cd pqchecker /

$ sh . / adjustdate . bash

$ . / configure LDAPSRC =/ byrd / tools / openldap - 2.4.48 JAVAHOME =/ opt / jdk1 . 8.0_191 libdir =/ usr / local / openldap / libexec / openldap / PARAMDIR =/ etc / openldap / pqchecker

$ make && make install

Security module import: SourceByrd's Weblog- https://note.t4x.org/project/openldap-master-configure/

OU polices

<trans data-src="$ cat /usr/local/openldap/etc/openldap/policies.lidf ">$ cat /usr/local/openldap/etc/openldap/policies.lidf </trans> <trans data-src="dn: ou=Policies,dc=ldap,dc=t4x,dc=org">dn: ou=Policies,dc=ldap,dc=t4x,dc=org</trans> <trans data-src="objectClass: organizationalUnit">objectClass: organizationalUnit</trans> <trans data-src="ou: Policies">ou: Policies</trans>

zero
one
two
three

$ cat / usr / local / openldap / etc / openldap / policies . lidf
dn : ou = Policies , dc = ldap , dc = t4x , dc = org
objectClass : organizationalUnit
ou : Policies

Default password rules:

<trans data-src="$ cat /usr/local/openldap/etc/openldap/security1.ldif ">$ cat /usr/local/openldap/etc/openldap/security1.ldif </trans> <trans data-src="dn: cn=security,ou=Policies,dc=ldap,dc=t4x,dc=org">dn: cn=security,ou=Policies,dc=ldap,dc=t4x,dc=org</trans> <trans data-src="cn: security ">cn: security </trans> <trans data-src="objectClass: top">objectClass: top</trans> <trans data-src="objectClass: device">objectClass: device</trans> <trans data-src="objectClass: pwdPolicy">objectClass: pwdPolicy</trans> <trans data-src="objectClass: pwdPolicyChecker">objectClass: pwdPolicyChecker</trans> <trans data-src="pwdAllowUserChange: TRUE">pwdAllowUserChange: TRUE</trans> <trans data-src="pwdAttribute: userPassword">pwdAttribute: userPassword</trans> <trans data-src="pwdMaxAge: 7776000">pwdMaxAge: 7776000</trans> <trans data-src="pwdInHistory: 5">pwdInHistory: 5</trans> <trans data-src="pwdCheckQuality: 2">pwdCheckQuality: 2</trans> <trans data-src="pwdMinLength: 8">pwdMinLength: 8</trans> <trans data-src="pwdExpireWarning: 604800">pwdExpireWarning: 604800</trans> <trans data-src="pwdGraceAuthNLimit: 10">pwdGraceAuthNLimit: 10</trans> <trans data-src="pwdFailureCountInterval: 30">pwdFailureCountInterval: 30</trans> <trans data-src="pwdMustChange: TRUE">pwdMustChange: TRUE</trans> <trans data-src="pwdSafeModify: FALSE">pwdSafeModify: FALSE</trans> <trans data-src="pwdLockout: TRUE">pwdLockout: TRUE</trans> <trans data-src="pwdLockoutDuration: 300">pwdLockoutDuration: 300</trans> <trans data-src="pwdMaxFailure: 5">pwdMaxFailure: 5</trans>

zero
one
two
three
four
five
six
seven
eight
nine
ten
eleven
twelve
thirteen
fourteen
fifteen
sixteen
seventeen
eighteen
nineteen
twenty

$ cat / usr / local / openldap / etc / openldap / security1 . ldif
dn : cn = security , ou = Policies , dc = ldap , dc = t4x , dc = org
cn : security
objectClass : top
objectClass : device
objectClass : pwdPolicy
objectClass : pwdPolicyChecker
pwdAllowUserChange : TRUE
pwdAttribute : userPassword
pwdMaxAge : seven million seven hundred and seventy-six thousand
pwdInHistory : five
pwdCheckQuality : two
pwdMinLength : eight
pwdExpireWarning : six hundred and four thousand and eight hundred
pwdGraceAuthNLimit : ten
pwdFailureCountInterval : thirty
pwdMustChange : TRUE
pwdSafeModify : FALSE
pwdLockout : TRUE
pwdLockoutDuration : three hundred
pwdMaxFailure : five

Complexity rule: pqchecker.so

<trans data-src="$ cat /usr/local/openldap/etc/openldap/mode.lidf ">$ cat /usr/local/openldap/etc/openldap/mode.lidf </trans> <trans data-src="dn: cn=security,ou=Policies,dc=ldap,dc=t4x,dc=org">dn: cn=security,ou=Policies,dc=ldap,dc=t4x,dc=org</trans> <trans data-src="changeType: modify">changeType: modify</trans> <trans data-src="add: pwdCheckModule">add: pwdCheckModule</trans> <trans data-src="pwdCheckModule: pqchecker.so">pwdCheckModule: pqchecker.so</trans>

zero
one
two
three
four

$ cat / usr / local / openldap / etc / openldap / mode . lidf
dn : cn = security , ou = Policies , dc = ldap , dc = t4x , dc = org
changeType : modify
add : pwdCheckModule
pwdCheckModule : pqchecker . so

SourceByrd's Weblog- https://note.t4x.org/project/openldap-master-configure/

General operation: SourceByrd's Weblog- https://note.t4x.org/project/openldap-master-configure/

Export all profiles:

<trans data-src="$ ldapsearch -LLL -w admin -x -H ">$ ldapsearch -LLL -w admin -x -H </trans> <trans data-src="ldap://ldap.t4x.org">ldap://ldap.t4x.org</trans> <trans data-src=" -D "cn=admin,dc=ldap,dc=t4x,dc=org" -b "dc=ldap,dc=t4x,dc=org" >/tmp/all.ldif"> -D "cn=admin,dc=ldap,dc=t4x,dc=org" -b "dc=ldap,dc=t4x,dc=org" >/tmp/all.ldif</trans> <trans data-src="$ cat /tmp/all.ldif">$ cat /tmp/all.ldif</trans> <trans data-src="dn: dc=ldap,dc=t4x,dc=org">dn: dc=ldap,dc=t4x,dc=org</trans> <trans data-src="objectClass: dcObject">objectClass: dcObject</trans> <trans data-src="objectClass: organization">objectClass: organization</trans> <trans data-src="o: T4X.Inc">o: T4X.Inc</trans> <trans data-src="dc: ldap">dc: ldap</trans> <trans data-src="dn: ou=People,dc=ldap,dc=t4x,dc=org">dn: ou=People,dc=ldap,dc=t4x,dc=org</trans> <trans data-src="objectClass: organizationalUnit">objectClass: organizationalUnit</trans> <trans data-src="ou: People">ou: People</trans> <trans data-src="dn: cn=admin,dc=ldap,dc=t4x,dc=org">dn: cn=admin,dc=ldap,dc=t4x,dc=org</trans> <trans data-src="objectClass: organizationalRole">objectClass: organizationalRole</trans> <trans data-src="cn: admin">cn: admin</trans> <trans data-src="cn: admin">cn: admin</trans> <trans data-src="dn: ou=Policies,dc=ldap,dc=t4x,dc=org">dn: ou=Policies,dc=ldap,dc=t4x,dc=org</trans> <trans data-src="objectClass: organizationalUnit">objectClass: organizationalUnit</trans> <trans data-src="ou: Policies">ou: Policies</trans> <trans data-src="dn: uid=byrd,ou=People,dc=ldap,dc=t4x,dc=org">dn: uid=byrd,ou=People,dc=ldap,dc=t4x,dc=org</trans> <trans data-src="objectClass: posixAccount">objectClass: posixAccount</trans> <trans data-src="objectClass: top">objectClass: top</trans> <trans data-src="objectClass: inetOrgPerson">objectClass: inetOrgPerson</trans> <trans data-src="gidNumber: 0">gidNumber: 0</trans> <trans data-src="givenName: byrd">givenName: byrd</trans> <trans data-src="sn: byrd">sn: byrd</trans> <trans data-src="displayName: byrd">displayName: byrd</trans> <trans data-src="uid: byrd">uid: byrd</trans> <trans data-src="homeDirectory: /home/byrd">homeDirectory: /home/byrd</trans> <trans data-src="loginShell: /bin/bash">loginShell: /bin/bash</trans> <trans data-src="cn: byrd">cn: byrd</trans> <trans data-src="uidNumber: 41872">uidNumber: 41872</trans> <trans data-src="dn: uid=t4x,ou=People,dc=ldap,dc=t4x,dc=org">dn: uid=t4x,ou=People,dc=ldap,dc=t4x,dc=org</trans> <trans data-src="objectClass: posixAccount">objectClass: posixAccount</trans> <trans data-src="objectClass: top">objectClass: top</trans> <trans data-src="objectClass: inetOrgPerson">objectClass: inetOrgPerson</trans> <trans data-src="gidNumber: 0">gidNumber: 0</trans> <trans data-src="givenName: t4x">givenName: t4x</trans> <trans data-src="sn: t4x">sn: t4x</trans> <trans data-src="displayName: t4x">displayName: t4x</trans> <trans data-src="uid: t4x">uid: t4x</trans> <trans data-src="homeDirectory: /home/t4x">homeDirectory: /home/t4x</trans> <trans data-src="loginShell: /bin/bash">loginShell: /bin/bash</trans> <trans data-src="cn: t4x">cn: t4x</trans> <trans data-src="uidNumber: 15557">uidNumber: 15557</trans> <trans data-src="dn: cn=security,ou=Policies,dc=ldap,dc=t4x,dc=org">dn: cn=security,ou=Policies,dc=ldap,dc=t4x,dc=org</trans> <trans data-src="cn:: c2VjdXJpdHkg">cn:: c2VjdXJpdHkg</trans> <trans data-src="objectClass: top">objectClass: top</trans> <trans data-src="objectClass: device">objectClass: device</trans> <trans data-src="objectClass: pwdPolicy">objectClass: pwdPolicy</trans> <trans data-src="objectClass: pwdPolicyChecker">objectClass: pwdPolicyChecker</trans> <trans data-src="pwdAllowUserChange: TRUE">pwdAllowUserChange: TRUE</trans> <trans data-src="pwdAttribute: userPassword">pwdAttribute: userPassword</trans> <trans data-src="pwdMaxAge: 7776000">pwdMaxAge: 7776000</trans> <trans data-src="pwdInHistory: 5">pwdInHistory: 5</trans> <trans data-src="pwdCheckQuality: 2">pwdCheckQuality: 2</trans> <trans data-src="pwdMinLength: 8">pwdMinLength: 8</trans> <trans data-src="pwdExpireWarning: 604800">pwdExpireWarning: 604800</trans> <trans data-src="pwdGraceAuthNLimit: 10">pwdGraceAuthNLimit: 10</trans> <trans data-src="pwdFailureCountInterval: 30">pwdFailureCountInterval: 30</trans> <trans data-src="pwdMustChange: TRUE">pwdMustChange: TRUE</trans> <trans data-src="pwdSafeModify: FALSE">pwdSafeModify: FALSE</trans> <trans data-src="pwdLockout: TRUE">pwdLockout: TRUE</trans> <trans data-src="pwdLockoutDuration: 300">pwdLockoutDuration: 300</trans> <trans data-src="pwdMaxFailure: 5">pwdMaxFailure: 5</trans> <trans data-src="pwdCheckModule: pqchecker.so">pwdCheckModule: pqchecker.so</trans>

zero
one
two
three
four
five
six
seven
eight
nine
ten
eleven
twelve
thirteen
fourteen
fifteen
sixteen
seventeen
eighteen
nineteen
twenty
twenty-one
twenty-two
twenty-three
twenty-four
twenty-five
twenty-six
twenty-seven
twenty-eight
twenty-nine
thirty
thirty-one
thirty-two
thirty-three
thirty-four
thirty-five
thirty-six
thirty-seven
thirty-eight
thirty-nine
forty
forty-one
forty-two
forty-three
forty-four
forty-five
forty-six
forty-seven
forty-eight
forty-nine
fifty
fifty-one
fifty-two
fifty-three
fifty-four
fifty-five
fifty-six
fifty-seven
fifty-eight
fifty-nine
sixty
sixty-one
sixty-two
sixty-three
sixty-four
sixty-five
sixty-six
sixty-seven
sixty-eight
sixty-nine

$ ldapsearch - LLL - w admin - x - H ldap : //ldap.t4x.org -D "cn=admin,dc=ldap,dc=t4x,dc=org" -b "dc=ldap,dc=t4x,dc=org" >/tmp/all.ldif
$ cat / tmp / all . ldif
dn : dc = ldap , dc = t4x , dc = org
objectClass : dcObject
objectClass : organization
o : T4X . Inc
dc : ldap

dn : ou = People , dc = ldap , dc = t4x , dc = org
objectClass : organizationalUnit
ou : People

dn : cn = admin , dc = ldap , dc = t4x , dc = org
objectClass : organizationalRole
cn : admin
cn : admin

dn : ou = Policies , dc = ldap , dc = t4x , dc = org
objectClass : organizationalUnit
ou : Policies

dn : uid = byrd , ou = People , dc = ldap , dc = t4x , dc = org
objectClass : posixAccount
objectClass : top
objectClass : inetOrgPerson
gidNumber : zero
givenName : byrd
sn : byrd
displayName : byrd
uid : byrd
homeDirectory : / home / byrd
loginShell : / bin / bash
cn : byrd
uidNumber : forty-one thousand eight hundred and seventy-two

dn : uid = t4x , ou = People , dc = ldap , dc = t4x , dc = org
objectClass : posixAccount
objectClass : top
objectClass : inetOrgPerson
gidNumber : zero
givenName : t4x
sn : t4x
displayName : t4x
uid : t4x
homeDirectory : / home / t4x
loginShell : / bin / bash
cn : t4x
uidNumber : fifteen thousand five hundred and fifty-seven

dn : cn = security , ou = Policies , dc = ldap , dc = t4x , dc = org
cn : : c2VjdXJpdHkg
objectClass : top
objectClass : device
objectClass : pwdPolicy
objectClass : pwdPolicyChecker
pwdAllowUserChange : TRUE
pwdAttribute : userPassword
pwdMaxAge : seven million seven hundred and seventy-six thousand
pwdInHistory : five
pwdCheckQuality : two
pwdMinLength : eight
pwdExpireWarning : six hundred and four thousand and eight hundred
pwdGraceAuthNLimit : ten
pwdFailureCountInterval : thirty
pwdMustChange : TRUE
pwdSafeModify : FALSE
pwdLockout : TRUE
pwdLockoutDuration : three hundred
pwdMaxFailure : five
pwdCheckModule : pqchecker . so

Export user information:

<trans data-src="ldapsearch -LLL -w admin -x -H ">ldapsearch -LLL -w admin -x -H </trans> <trans data-src="ldap://ldap.t4x.org">ldap://ldap.t4x.org</trans> <trans data-src=" -D "cn=admin,dc=ldap,dc=t4x,dc=org" -b "dc=ldap,dc=t4x,dc=org" "(uid=*)" > /tmp/user.ldif"> -D "cn=admin,dc=ldap,dc=t4x,dc=org" -b "dc=ldap,dc=t4x,dc=org" "(uid=*)" > /tmp/user.ldif</trans> <trans data-src="$ cat /tmp/user.ldif ">$ cat /tmp/user.ldif </trans> <trans data-src="dn: uid=byrd,ou=People,dc=ldap,dc=t4x,dc=org">dn: uid=byrd,ou=People,dc=ldap,dc=t4x,dc=org</trans> <trans data-src="objectClass: posixAccount">objectClass: posixAccount</trans> <trans data-src="objectClass: top">objectClass: top</trans> <trans data-src="objectClass: inetOrgPerson">objectClass: inetOrgPerson</trans> <trans data-src="gidNumber: 0">gidNumber: 0</trans> <trans data-src="givenName: byrd">givenName: byrd</trans> <trans data-src="sn: byrd">sn: byrd</trans> <trans data-src="displayName: byrd">displayName: byrd</trans> <trans data-src="uid: byrd">uid: byrd</trans> <trans data-src="homeDirectory: /home/byrd">homeDirectory: /home/byrd</trans> <trans data-src="loginShell: /bin/bash">loginShell: /bin/bash</trans> <trans data-src="cn: byrd">cn: byrd</trans> <trans data-src="uidNumber: 41872">uidNumber: 41872</trans>

zero
one
two
three
four
five
six
seven
eight
nine
ten
eleven
twelve
thirteen
fourteen

ldapsearch - LLL - w admin - x - H ldap : //ldap.t4x.org -D "cn=admin,dc=ldap,dc=t4x,dc=org" -b "dc=ldap,dc=t4x,dc=org" "(uid=*)" > /tmp/user.ldif
$ cat / tmp / user . ldif
dn : uid = byrd , ou = People , dc = ldap , dc = t4x , dc = org
objectClass : posixAccount
objectClass : top
objectClass : inetOrgPerson
gidNumber : zero
givenName : byrd
sn : byrd
displayName : byrd
uid : byrd
homeDirectory : / home / byrd
loginShell : / bin / bash
cn : byrd
uidNumber : forty-one thousand eight hundred and seventy-two

Verify password policy:

<trans data-src="$ ldappasswd -H ">$ ldappasswd -H </trans> <trans data-src="ldap://ldap.t4x.org">ldap://ldap.t4x.org</trans> <trans data-src=" -x -D "uid=byrd,ou=People,dc=ldap,dc=t4x,dc=org" -W -A -S "> -x -D "uid=byrd,ou=People,dc=ldap,dc=t4x,dc=org" -W -A -S </trans> <trans data-src="Old password: 123456">Old password: 123456</trans> <trans data-src="Re-enter old password: 123456">Re-enter old password: 123456</trans> <trans data-src="New password: w34Q$fqwe4">New password: w34Q$fqwe4</trans> <trans data-src="Re-enter new password: w34Q$fqwe4">Re-enter new password: w34Q$fqwe4</trans> <trans data-src="Enter LDAP Password: 123456">Enter LDAP Password: 123456</trans> <trans data-src="Sep 23 10:24:59 ldap-m1 pqchecker[1089]: Checking password quality for uid=byrd,">Sep 23 10:24:59 ldap-m1 pqchecker[1089]: Checking password quality for uid=byrd,</trans> <trans data-src="ou=People,dc=ldap,dc=t4x,dc=org.">ou=People,dc=ldap,dc=t4x,dc=org.</trans> <trans data-src="Sep 23 10:24:59 ldap-m1 pqchecker[1089]: The quality parameters used: 0|01010101">Sep 23 10:24:59 ldap-m1 pqchecker[1089]: The quality parameters used: 0|01010101</trans> <trans data-src="Sep 23 10:24:59 ldap-m1 pqchecker[1089]: Password accepted.">Sep 23 10:24:59 ldap-m1 pqchecker[1089]: Password accepted.</trans> <trans data-src="Sep 23 10:24:59 ldap-m1 slapd[1089]: conn=1010 op=1 RESULT oid= err=0 text=">Sep 23 10:24:59 ldap-m1 slapd[1089]: conn=1010 op=1 RESULT oid= err=0 text=</trans> <trans data-src="[">[</trans> <trans data-src="root@ldap-m1">root@ldap-m1</trans> <trans data-src=" openldap]# ldappasswd -H "> openldap]# ldappasswd -H </trans> <trans data-src="ldap://ldap.t4x.org">ldap://ldap.t4x.org</trans> <trans data-src=" -x -D "uid=byrd,ou=People,dc=ldap,dc=t4x,dc=org" -W -A -S"> -x -D "uid=byrd,ou=People,dc=ldap,dc=t4x,dc=org" -W -A -S</trans> <trans data-src="Old password: w34Q$fqwe4">Old password: w34Q$fqwe4</trans> <trans data-src="Re-enter old password: w34Q$fqwe4">Re-enter old password: w34Q$fqwe4</trans> <trans data-src="New password: qwertyui">New password: qwertyui</trans> <trans data-src="Re-enter new password: qwertyui">Re-enter new password: qwertyui</trans> <trans data-src="Enter LDAP Password: w34Q$fqwe4">Enter LDAP Password: w34Q$fqwe4</trans> <trans data-src="Result: Constraint violation (19)">Result: Constraint violation (19)</trans> <trans data-src="Sep 23 10:26:37 ldap-m1 pqchecker[1089]: Checking password quality for uid=byrd,">Sep 23 10:26:37 ldap-m1 pqchecker[1089]: Checking password quality for uid=byrd,</trans> <trans data-src="ou=People,dc=ldap,dc=t4x,dc=org.">ou=People,dc=ldap,dc=t4x,dc=org.</trans> <trans data-src="Sep 23 10:26:37 ldap-m1 pqchecker[1089]: The quality parameters used: 0|01010101">Sep 23 10:26:37 ldap-m1 pqchecker[1089]: The quality parameters used: 0|01010101</trans> <trans data-src="Sep 23 10:26:37 ldap-m1 pqchecker[1089]: Password rejected.">Sep 23 10:26:37 ldap-m1 pqchecker[1089]: Password rejected.</trans> <trans data-src="$ ldappasswd -H ">$ ldappasswd -H </trans> <trans data-src="ldap://ldap.t4x.org">ldap://ldap.t4x.org</trans> <trans data-src=" -x -D "uid=byrd,ou=People,dc=ldap,dc=t4x,dc=org" -W -A -S"> -x -D "uid=byrd,ou=People,dc=ldap,dc=t4x,dc=org" -W -A -S</trans> <trans data-src="Old password: w34Q$fqwe4">Old password: w34Q$fqwe4</trans> <trans data-src="Re-enter old password: w34Q$fqwe4">Re-enter old password: w34Q$fqwe4</trans> <trans data-src="New password: w34Q$fq">New password: w34Q$fq</trans> <trans data-src="Re-enter new password: w34Q$fq">Re-enter new password: w34Q$fq</trans> <trans data-src="Enter LDAP Password: w34Q$fqwe4">Enter LDAP Password: w34Q$fqwe4</trans> <trans data-src="Result: Constraint violation (19)">Result: Constraint violation (19)</trans> <trans data-src="Additional info: Password fails quality checking policy">Additional info: Password fails quality checking policy</trans> <trans data-src="Sep 23 10:26:37 ldap-m1 pqchecker[1089]: Checking password quality for uid=byrd,">Sep 23 10:26:37 ldap-m1 pqchecker[1089]: Checking password quality for uid=byrd,</trans> <trans data-src="ou=People,dc=ldap,dc=t4x,dc=org.">ou=People,dc=ldap,dc=t4x,dc=org.</trans> <trans data-src="Sep 23 10:26:37 ldap-m1 pqchecker[1089]: The quality parameters used: 0|01010101">Sep 23 10:26:37 ldap-m1 pqchecker[1089]: The quality parameters used: 0|01010101</trans> <trans data-src="Sep 23 10:26:37 ldap-m1 pqchecker[1089]: Password rejected.">Sep 23 10:26:37 ldap-m1 pqchecker[1089]: Password rejected.</trans> <trans data-src="Sep 23 10:26:37 ldap-m1 slapd[1089]: check_password_quality: module error: (pqchecker.so) The password does not pass quality check..">Sep 23 10:26:37 ldap-m1 slapd[1089]: check_password_quality: module error: (pqchecker.so) The password does not pass quality check..</trans> <trans data-src="[1]">[1]</trans> <trans data-src="Sep 23 10:26:37 ldap-m1 slapd[1089]: conn=1011 op=1 RESULT oid= err=19 text=">Sep 23 10:26:37 ldap-m1 slapd[1089]: conn=1011 op=1 RESULT oid= err=19 text=</trans> <trans data-src="# ldappasswd -H "># ldappasswd -H </trans> <trans data-src="ldap://ldap.t4x.org">ldap://ldap.t4x.org</trans> <trans data-src=" -x -D "uid=byrd,ou=People,dc=ldap,dc=dz,dc=org" -W -A -S "> -x -D "uid=byrd,ou=People,dc=ldap,dc=dz,dc=org" -W -A -S </trans> <trans data-src="Old password: w34Q$fqwe4">Old password: w34Q$fqwe4</trans> <trans data-src="Re-enter old password: w34Q$fqwe4">Re-enter old password: w34Q$fqwe4</trans> <trans data-src="New password: w34Q$fqwe4">New password: w34Q$fqwe4</trans> <trans data-src="Re-enter new password: w34Q$fqwe4">Re-enter new password: w34Q$fqwe4</trans> <trans data-src="Enter LDAP Password: w34Q$fqwe4">Enter LDAP Password: w34Q$fqwe4</trans> <trans data-src="Result: Constraint violation (19)">Result: Constraint violation (19)</trans> <trans data-src="Additional info: Password is in history of old passwords">Additional info: Password is in history of old passwords</trans> <trans data-src="<pre>"><pre></trans> <trans data-src="$ ldapsearch -x -w admin -D "uid=byrd,ou=People,dc=ldap,dc=t4x,dc=org" -b "uid=byrd,ou=People,dc=ldap,dc=t4x,dc=org"">$ ldapsearch -x -w admin -D "uid=byrd,ou=People,dc=ldap,dc=t4x,dc=org" -b "uid=byrd,ou=People,dc=ldap,dc=t4x,dc=org"</trans>

zero
one
two
three
four
five
six
seven
eight
nine
ten
eleven
twelve
thirteen
fourteen
fifteen
sixteen
seventeen
eighteen
nineteen
twenty
twenty-one
twenty-two
twenty-three
twenty-four
twenty-five
twenty-six
twenty-seven
twenty-eight
twenty-nine
thirty
thirty-one
thirty-two
thirty-three
thirty-four
thirty-five
thirty-six
thirty-seven
thirty-eight
thirty-nine
forty
forty-one
forty-two
forty-three
forty-four
forty-five
forty-six
forty-seven
forty-eight
forty-nine

$ ldappasswd - H ldap : //ldap.t4x.org -x -D "uid=byrd,ou=People,dc=ldap,dc=t4x,dc=org" -W -A -S
Old password : one hundred and twenty-three thousand four hundred and fifty-six
Re - enter old password : one hundred and twenty-three thousand four hundred and fifty-six
New password : w34Q $ fqwe4
Re - enter new password : w34Q $ fqwe4
Enter LDAP Password : one hundred and twenty-three thousand four hundred and fifty-six

Sep twenty-three ten : twenty-four : fifty-nine ldap - m1 pqchecker [ one thousand and eighty-nine ] : Checking password quality for uid = byrd , ou = People , dc = ldap , dc = t4x , dc = org .
Sep twenty-three ten : twenty-four : fifty-nine ldap - m1 pqchecker [ one thousand and eighty-nine ] : The quality parameters used : zero | 01010101
Sep twenty-three ten : twenty-four : fifty-nine ldap - m1 pqchecker [ one thousand and eighty-nine ] : Password accepted .
Sep twenty-three ten : twenty-four : fifty-nine ldap - m1 slapd [ one thousand and eighty-nine ] : conn = one thousand and ten op = one RESULT oid = err = zero text =

[ root @ ldap - m1 openldap ] # ldappasswd -H ldap://ldap.t4x.org -x -D "uid=byrd,ou=People,dc=ldap,dc=t4x,dc=org" -W -A -S
Old password : w34Q $ fqwe4
Re - enter old password : w34Q $ fqwe4
New password : qwertyui
Re - enter new password : qwertyui
Enter LDAP Password : w34Q $ fqwe4
Result : Constraint violation ( nineteen )

Sep twenty-three ten : twenty-six : thirty-seven ldap - m1 pqchecker [ one thousand and eighty-nine ] : Checking password quality for uid = byrd , ou = People , dc = ldap , dc = t4x , dc = org .
Sep twenty-three ten : twenty-six : thirty-seven ldap - m1 pqchecker [ one thousand and eighty-nine ] : The quality parameters used : zero | 01010101
Sep twenty-three ten : twenty-six : thirty-seven ldap - m1 pqchecker [ one thousand and eighty-nine ] : Password rejected .

$ ldappasswd - H ldap : //ldap.t4x.org -x -D "uid=byrd,ou=People,dc=ldap,dc=t4x,dc=org" -W -A -S
Old password : w34Q $ fqwe4
Re - enter old password : w34Q $ fqwe4
New password : w34Q $ fq
Re - enter new password : w34Q $ fq
Enter LDAP Password : w34Q $ fqwe4
Result : Constraint violation ( nineteen )
Additional info : Password fails quality checking policy

Sep twenty-three ten : twenty-six : thirty-seven ldap - m1 pqchecker [ one thousand and eighty-nine ] : Checking password quality for uid = byrd , ou = People , dc = ldap , dc = t4x , dc = org .
Sep twenty-three ten : twenty-six : thirty-seven ldap - m1 pqchecker [ one thousand and eighty-nine ] : The quality parameters used : zero | 01010101
Sep twenty-three ten : twenty-six : thirty-seven ldap - m1 pqchecker [ one thousand and eighty-nine ] : Password rejected .
Sep twenty-three ten : twenty-six : thirty-seven ldap - m1 slapd [ one thousand and eighty-nine ] : check_password_quality : module error : ( pqchecker . so ) The password does not pass quality check . . [ one ]
Sep twenty-three ten : twenty-six : thirty-seven ldap - m1 slapd [ one thousand and eighty-nine ] : conn = one thousand and eleven op = one RESULT oid = err = nineteen text =

# ldappasswd -H ldap://ldap.t4x.org -x -D "uid=byrd,ou=People,dc=ldap,dc=dz,dc=org" -W -A -S
Old password : w34Q $ fqwe4
Re - enter old password : w34Q $ fqwe4
New password : w34Q $ fqwe4
Re - enter new password : w34Q $ fqwe4
Enter LDAP Password : w34Q $ fqwe4
Result : Constraint violation ( nineteen )
Additional info : Password is in history of old passwords
< pre >
$ ldapsearch - x - w admin - D "uid=byrd,ou=People,dc=ldap,dc=t4x,dc=org" - b "uid=byrd,ou=People,dc=ldap,dc=t4x,dc=org"

SourceByrd's Weblog- https://note.t4x.org/project/openldap-master-configure/

Note: *. lidf should be followed by a blank line, a space after the colon, and no space at the end
Help document:
1: http://www.meddeb.net/pqchecker
2: http://www.openldap.org/doc/admin24/quickstart.html
3: https://ltb-project.org/documentation/self-service-password SourceByrd's Weblog- https://note.t4x.org/project/openldap-master-configure/ SourceByrd's Weblog- https://note.t4x.org/project/openldap-master-configure/

Today in History

September

five

two thousand and fourteen Common Linux Shell Skills (9)

Statement: unless otherwise specified Byrd's Blog The content is original. Reproduction without permission is prohibited! For details, please read Copyright Statement !

OpenLDAP dual master compilation installation

Today in History

Comment

Today in History

Comment

Register

Login