From: openldap-technical [mailto:openldap-technical-bounces@openldap.org]
On Behalf Of Real, Elizabeth (392K)
Sent: Monday, October 05, 2015 1:18 PM
To: Michael Ströder; openldap-technical@openldap.org
Subject: Re: Allow users to change ldap password with passwd
I have reinstalled openldap and applied slapo-ppolicy carefully looking at man pages and the configuration.
How do I then apply this to existing openldap accounts?
Thank you,
Liz
You need to have a ‘pwdPolicySubentry’ attribute assigned to each user and the value for that attribute would have to be a valid DN of the password policy itself.
For example, below is what I used to add password policy recently – fix as needed, YMMV
#!/bin/bash
#
# assign password policy to LDAP users
# "users" is a file with one uid per line
for USER in $(cat users); do
  # the here-document body and its closing "!" must start in column 0
  ldapmodify -x -D cn=rootbinddn,dc=example,dc=com -w "$SOME_PASSWORD" <<!
dn: uid=$USER,ou=people,dc=example,dc=com
changetype: modify
add: pwdPolicySubentry
pwdPolicySubentry: cn=personnelpp,ou=Policies,dc=example,dc=com
!
done
Craig
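
An added example, not part of Craig's message or anyone's code in this thread: the same assignment done as one LDIF stream and a single bind, with uid validation, a rerun-safe `replace:`, and the bind password read from a file instead of `-w` on the command line. The function names and the password-file argument are assumptions; the DNs are the thread's example values.

```shell
# Added example (POSIX sh). DNs are the example values from the thread.
LC_ALL=C   # keep the [A-Za-z0-9] ranges below byte-exact
PEOPLE_BASE="ou=people,dc=example,dc=com"
POLICY_DN="cn=personnelpp,ou=Policies,dc=example,dc=com"
CR=$(printf '\r')

# Read uids on stdin (one per line) and write LDIF modify records on stdout.
# Blank lines and '#' comments are skipped. A uid with any character outside
# [A-Za-z0-9._-] is rejected on stderr, so a bad line in the list cannot
# change the target DN or inject extra LDIF lines.
gen_policy_ldif() {
    while IFS= read -r uid || [ -n "$uid" ]; do
        uid=${uid%"$CR"}                     # tolerate CRLF line endings
        case "$uid" in
            ''|'#'*) continue ;;
            *[!A-Za-z0-9._-]*)
                echo "skipped invalid uid: $uid" >&2
                continue ;;
        esac
        printf 'dn: uid=%s,%s\n' "$uid" "$PEOPLE_BASE"
        printf 'changetype: modify\n'
        # replace instead of add: rerunning does not fail on entries
        # that already carry pwdPolicySubentry
        printf 'replace: pwdPolicySubentry\n'
        printf 'pwdPolicySubentry: %s\n\n' "$POLICY_DN"
    done
}

# Apply the generated LDIF in one ldapmodify run.
#   $1 = file with one uid per line
#   $2 = file holding the bind password (mode 0600, no trailing newline:
#        -y uses the complete file contents as the password)
# -y keeps the password out of the process list; -c continues past
# entries that fail so one bad DN does not stop the batch.
apply_policy() {
    gen_policy_ldif < "$1" |
        ldapmodify -x -c -D "cn=rootbinddn,dc=example,dc=com" -y "$2"
}

# Constructed sample input: prints the LDIF without contacting a server.
printf 'alice\n# comment\nbob,ou=admins\ncarol\n' | gen_policy_ldif
```

Review the printed LDIF first, then run `apply_policy users <password-file>` against the directory.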