On Mon, Nov 19, 2012 at 10:46 AM, jeevan kc <[email protected]> wrote: > Thanks . But we have like more than 25k users on the server. Doing that > individually would be tedious. Is there any other way ? > How about a script of some sorts? Something on the lines of:
ask ldap for the userlist (using ldapsearch) for each user Add objectClass: pwdPolicy (using ldapmodify) done > Sent from my iPhone > > On Nov 19, 2012, at 10:42 AM, "Mauricio Tavares" <[email protected]> wrote: > >> On Mon, Nov 19, 2012 at 10:14 AM, jeevan kc <[email protected]> wrote: >>> Hello >>> >>> I want to enable password policy on Openldap 2.4.30(to all users. I see that >>> the ppolicy.ldif and ppolicy.schema are listed under >>> /usr/local/etc/openldap/schema but are not present on >>> /usr/local/etc/openldap/slapd.d/cn=config folder. So do I need to add the >>> policy.ldif to the cn=config folder ? Is there like specific procedure to do >>> that or can I add manually with ldapadd ? Also how do I enable that schema >>> to all users ? Please help. >>> >>> >>> Jeevan >> >> If you have the policy as a diff, you could add it by saying >> >> ldapadd -Y EXTERNAL -H ldapi:/// -f /path/to/ppolicy.ldif >> >> Then you need to ldapmodify each user, adding something like >> >> objectClass: pwdPolicy >> >> to each of them. >> >> This is off the top of my head, so do verify before doing exciting >> thingies to your server. ;)
