(→LDAP) |
|||
Line 93: | Line 93: | ||
* The <code>sn</code> (surname) field simply contains a minus character as a placeholder, because it's a mandatory field. | * The <code>sn</code> (surname) field simply contains a minus character as a placeholder, because it's a mandatory field. | ||
* The <code>manager</code> field is optional and we use it to record the member who added the member in question. | * The <code>manager</code> field is optional and we use it to record the member who added the member in question. | ||
To make sure passwords are stored with the <code>{SSHA}</code> scheme rather than plain text, the <code>ppolicy</code> "password policy overlay" is used. ZYTRAX has a very nice book about LDAP which documents how to enable this: http://www.zytrax.com/books/ldap/ch6/ppolicy.html | |||
In short, the steps go as follows (these commands ''should'' work verbatim): | |||
# Add the ppolicy schema | |||
ldapadd -Y external -H ldapi:/// < /etc/ldap/schema/ppolicy.ldif | |||
# Enable the ppolicy dynamic module | |||
ldapmodify -Y external -H ldapi:/// <<EOF | |||
dn: cn=module{0},cn=config | |||
changetype: modify | |||
add: olcModuleLoad | |||
olcModuleLoad: ppolicy | |||
EOF | |||
# Add the ppolicy overlay with olcPPolicyHashCleartext set to TRUE | |||
ldapadd -Y external -H ldapi:/// <<EOF | |||
dn: olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config | |||
objectClass: olcPPolicyConfig | |||
olcOverlay: ppolicy | |||
olcPPolicyHashCleartext: TRUE | |||
EOF | |||
=== Wiki === | === Wiki === |
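Review bot: The claim that "these commands ''should'' work verbatim" does not hold for the two DNs `cn=module{0},cn=config` and `olcOverlay=ppolicy,olcDatabase={1}mdb,cn=config`, which hardcode the module-list index, the database index and the backend type. Suggest telling readers to confirm both against their own cn=config first, for example with `ldapsearch -Y external -H ldapi:/// -b cn=config dn`. Next to `olcPPolicyHashCleartext: TRUE` it is also worth stating that the setting only hashes cleartext passwords arriving in later Add and Modify requests, so any userPassword values already stored in plain text stay that way until they are reset, and that the <code>{SSHA}</code> scheme promised in the first added paragraph comes from slapd's default olcPasswordHash rather than from anything these commands set.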