This one is fairly simple: just change the password policy. It depends on which LDAP server and version you run; mine is Sun Java DS.
1. Check the current policy
ldapsearch -D "cn=directory manager" -w <password> -b "dc=xx,dc=xx,dc=xx" "(&(objectclass=ldapsubentry)(cn=securitypolicy))"
2. Modify the policy. Below is the content of a newpolicy.ldif file I created with vi; only change the attributes starting with "pwd", and the ones starting with "password" follow along. The dn can be printed with ldaplist on the master server. The changetype is modify; each attribute gets its own "replace:" stanza, separated by "-" lines (use "add:" or "delete:" instead of "replace:" for the other change types).
dn: cn=SecurityPolicy,dc=xx,dc=xx,dc=xx
changetype: modify
replace: pwdInHistory
pwdInHistory: 5
-
replace: pwdMinLength
pwdMinLength: 8
-
replace: pwdMustChange
pwdMustChange: TRUE
-
replace: pwdExpireWarning
pwdExpireWarning: 1209600
-
replace: pwdMaxAge
pwdMaxAge: 7776000
3. Apply the change (on dhzcominf01): save the file and run ldapmodify
ldapmodify -D "cn=directory manager" -w <password> -a -v -f newpolicy.ldif
4. Read the policy again
version: 1
dn: cn=SecurityPolicy,dc=xx,dc=xx,dc=com
passwordMaxAge: 7776000 //unit is seconds
passwordWarning: 1209600 //unit is seconds
passwordMustChange: on
pwdMaxAge: 7776000
pwdExpireWarning: 1209600
pwdMustChange: TRUE //after a password reset the user must change the password at first login
passwordMinLength: 8 //minimum length 8 characters
pwdMinLength: 8
passwordInHistory: 5 //remembers the last 5 passwords
pwdInHistory: 5
passwordLockout: off
pwdLockout: false
passwordCheckSyntax: off
pwdCheckQuality: 0
objectClass: top
objectClass: ldapsubentry
objectClass: pwdPolicy
objectClass: sunPwdPolicy
objectClass: passwordPolicy
cn: SecurityPolicy
pwdAttribute: userPassword
pwdFailureCountInterval: 600
pwdAllowUserChange: TRUE //users may change their own password
pwdMaxFailure: 3 //3 failed password attempts
pwdLockoutDuration: 3600
pwdMinAge: 3600
passwordResetFailureCount: 600
passwordChange: on
passwordMaxFailure: 3
passwordUnlock: on
passwordLockoutDuration: 3600
passwordExp: on
passwordMinAge: 3600 //minimum time before a password may be changed again
Understanding and Deploying LDAP Directory Services, Second Edition
LDAP System Administration
iPlanet Directory Server 5.1 Administrator's Guide
http://docs.sun.com/source/816-4121/contents.htm
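As an added example for the check, modify and re-check procedure in the post above (this is not code from the original post or from Sun DS): a shell script that builds a valid LDIF modify record for several pwd* attributes in one go, and audits an ldapsearch dump of the policy for settings a practitioner would want fixed before and after the change. The DN, the two sample dumps and the audit thresholds are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not part of the original post. The DN, sample dumps and
# thresholds below are assumptions; the ldapmodify invocation is the post's.
set -eu

# make_policy_ldif DN attr=value [attr=value ...]
# Prints one LDIF change record with a separate "replace:" stanza per
# attribute, separated by "-" lines. LDIF does not accept a space-separated
# attribute list after "replace:". Feed the output to:
#   ldapmodify -D "cn=directory manager" -w <password> -v -f newpolicy.ldif
make_policy_ldif() {
    local dn=$1; shift
    local first=1 kv attr val
    printf 'dn: %s\nchangetype: modify\n' "$dn"
    for kv in "$@"; do
        attr=${kv%%=*}
        val=${kv#*=}
        [ "$first" -eq 1 ] || printf -- '-\n'
        first=0
        printf 'replace: %s\n%s: %s\n' "$attr" "$attr" "$val"
    done
}

# audit_policy < ldapsearch-output
# Reads "attr: value" lines as printed by ldapsearch, prints one "WEAK ..."
# line per finding and returns 1 if anything was flagged. The thresholds are
# this example's choices; the pwdCheckQuality mapping (0 = syntax check off,
# as in the dump above, 2 = enforced) is assumed.
audit_policy() {
    awk '
    /^[A-Za-z]+: / { i = index($0, ": "); a[substr($0, 1, i - 1)] = substr($0, i + 2) }
    END {
        weak = 0
        if (tolower(a["pwdLockout"]) != "true") {
            print "WEAK pwdLockout=" a["pwdLockout"] ": pwdMaxFailure is not enforced"; weak++ }
        if (a["pwdCheckQuality"] + 0 < 2) {
            print "WEAK pwdCheckQuality=" a["pwdCheckQuality"] ": syntax checking is off"; weak++ }
        if (a["pwdMinLength"] + 0 < 8) {
            print "WEAK pwdMinLength=" a["pwdMinLength"] ": shorter than 8"; weak++ }
        if (a["pwdMaxAge"] + 0 == 0) {
            print "WEAK pwdMaxAge=" a["pwdMaxAge"] ": passwords never expire"; weak++ }
        if (a["pwdInHistory"] + 0 == 0) {
            print "WEAK pwdInHistory=" a["pwdInHistory"] ": password reuse allowed"; weak++ }
        exit (weak > 0)
    }'
}

# Constructed sample dumps, abridged to the attributes the audit looks at.
# WEAK_POLICY mirrors the shape of the dump in the post (lockout and syntax
# checking off); HARDENED_POLICY has both switched on.
WEAK_POLICY='dn: cn=SecurityPolicy,dc=example,dc=com
pwdMaxAge: 7776000
pwdMinLength: 8
pwdInHistory: 5
pwdLockout: false
pwdCheckQuality: 0
pwdMaxFailure: 3
objectClass: pwdPolicy'

HARDENED_POLICY='dn: cn=SecurityPolicy,dc=example,dc=com
pwdMaxAge: 7776000
pwdMinLength: 8
pwdInHistory: 5
pwdLockout: TRUE
pwdCheckQuality: 2
pwdMaxFailure: 3
objectClass: pwdPolicy'

# Demo: generate the LDIF the post writes by hand, then audit both dumps.
make_policy_ldif "cn=SecurityPolicy,dc=example,dc=com" \
    pwdInHistory=5 pwdMinLength=8 pwdMustChange=TRUE \
    pwdExpireWarning=1209600 pwdMaxAge=7776000
for p in "$WEAK_POLICY" "$HARDENED_POLICY"; do
    if printf '%s\n' "$p" | audit_policy; then echo "policy OK"; fi
done
```

Redirect the make_policy_ldif output to newpolicy.ldif and pipe the real `ldapsearch ... "(&(objectclass=ldapsubentry)(cn=securitypolicy))"` output into audit_policy, both before and after ldapmodify, so the re-check in step 4 is a pass/fail result rather than a dump to eyeball. Passing `-w <password>` on the command line exposes the bind password in process listings and shell history; where the client supports reading it from a file, prefer that.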