version: 1
|
|
|
|
##############################
|
|
# Password Policy
|
|
##############################
|
|
# Container entry that holds the password policy objects.
# NOTE(review): the ${...} placeholders are presumably expanded by the image's
# init step before this LDIF is loaded - confirm; an unexpanded placeholder
# would produce an invalid DN or attribute value.
dn: ou=Policies,${LDAP_INIT_ORG_DN}
|
|
ou: Policies
|
|
objectClass: top
|
|
objectClass: organizationalUnit
|
|
|
|
# Default policy entry. It only has an effect when the ppolicy overlay is
# loaded and configured to use this DN as its default policy (or entries point
# at it explicitly); that overlay configuration is not part of this file.
dn: cn=DefaultPasswordPolicy,ou=Policies,${LDAP_INIT_ORG_DN}
|
|
objectClass: top
|
|
# pwdPolicy and pwdPolicyChecker are auxiliary classes; device is the
# structural class that carries them.
objectClass: device
|
|
objectClass: pwdPolicy
|
|
# pwdPolicyChecker is what permits the pwdCheckModule attribute below
objectClass: pwdPolicyChecker
|
|
cn: DefaultPasswordPolicy
|
|
# attribute the policy is applied to
pwdAttribute: userPassword
|
|
# 0=the count of consecutive password failures is reset only by a successful
# authentication; old failures never age out on their own
|
|
pwdFailureCountInterval: 0
|
|
# number of consecutive password failures after which the account is locked
# (default 3). A low value slows online guessing, but it also lets anyone who
# can attempt binds against a known DN lock that account for
# pwdLockoutDuration - worth monitoring lockout events.
|
|
pwdMaxFailure: ${LDAP_INIT_PPOLICY_MAX_FAILURES:-3}
|
|
# 0=no minimum time between password changes
pwdMinAge: 0
|
|
# TRUE=user must change the password after an administrator set or reset it
pwdMustChange: TRUE
|
|
# if TRUE user must send current password during password modification operation
# NOTE(review): with FALSE, an already authenticated session is enough to set a
# new password, so a hijacked session can take over the account - consider TRUE.
|
|
pwdSafeModify: FALSE
|
|
# number of passwords maintained in a list of previously used passwords
# (0=no history is kept, so an old password can be reused immediately)
|
|
pwdInHistory: 0
|
|
# number of further bind operations allowed after a password has expired
# (0=no grace binds)
|
|
pwdGraceAuthNLimit: 0
|
|
# account lock duration in seconds (300=5min); the lock is lifted
# automatically after this time
|
|
pwdLockoutDuration: ${LDAP_INIT_PPOLICY_LOCKOUT_DURATION:-300}
|
|
# TRUE=users may change their own password
pwdAllowUserChange: TRUE
|
|
# 0=do not show expiration warning on bind
|
|
pwdExpireWarning: 0
|
|
# TRUE=enforce the lockout defined by pwdMaxFailure / pwdLockoutDuration
pwdLockout: TRUE
|
|
# 0=passwords never expire
pwdMaxAge: 0
|
|
# Password Quality
|
|
# minimum password length (default 8); checked because pwdCheckQuality is
# non-zero
pwdMinLength: ${LDAP_INIT_PPOLICY_PW_MIN_LENGTH:-8}
|
|
# 2=always enforce the quality check: a password the server cannot inspect
# (for example one sent already hashed by the client) is rejected instead of
# being accepted unchecked
pwdCheckQuality: 2
|
|
# shared object loaded into the LDAP server process to perform the quality
# check. The file and its directory should be writable by root only, because
# code in it runs inside the server.
# NOTE(review): the rules pqchecker applies are presumably configured outside
# this LDIF - confirm they match the intended policy.
pwdCheckModule: /usr/lib/ldap/pqchecker.so
|