25 lines
679 B
Plaintext
25 lines
679 B
Plaintext
dn: cn=module,cn=config
|
|
objectClass: olcModuleList
|
|
olcModuleLoad: ppolicy.la
|
|
|
|
dn: olcOverlay=ppolicy,olcDatabase={2}mdb,cn=config
|
|
objectClass: olcPPolicyConfig
|
|
olcPPolicyHashCleartext: TRUE
|
|
olcPPolicyDefault: cn=policy,dc=example,dc=fr
|
|
|
|
dn: cn=policy,dc=example,dc=fr
|
|
objectClass: device
|
|
objectClass: pwdPolicyChecker
|
|
objectClass: pwdPolicy
|
|
pwdAllowUserChange: TRUE
|
|
pwdAttribute: userPassword
|
|
pwdCheckModule: check_password.so
|
|
# via le fichier /etc/openldap/check_password.conf
|
|
# on pourra définir des critères de robustesse
|
|
# supplémentaires (nb min de MAJ, nombre, symboles ...)
|
|
pwdLockout: TRUE
|
|
pwdMaxFailure: 3
|
|
pwdLockoutDuration: 3600
|
|
pwdMinLength: 12
|
|
pwdCheckQuality: 2
|