SlideShare a Scribd company logo

Manage password policy in OpenLDAP

LDAPCon
LDAPCon
Technology
1 of 21
Download to read offline
Manage password policy in OpenLDAP Clément OUDOT
Table of contents  Password policy draft  OpenLDAP ppolicy overlay 2
Resume 3
Clément OUDOT  Engineer since 2003 at LINAGORA company  LinID Dream Team Manager: http://linid.org   Founder of LDAP Tool Box project: http://ltb-project.org Leader of LemonLDAP::NG project: http://lemonldap-ng.org Password policy draft 4
Password policy draft 5
Draft history  Draft name: draft-behera-ldap-password-policy  Version 0: 20 October 1999  Version 10: August 9, 2009  Draft is expired since February 10, 2010 6
Extended control     Password policy is request and response control (OID 1.3.6.1.4.1.42.2.27.8.5.1) The request control indicates the client is ppolicy aware The response control contains flags to advertise client about ppolicy status, it should be parsed by the client Control can be sent on BIND, MOD (if modification contains the password) and PASSMOD operations 7
Authentication    Brute-force prevention with account locking and delay Password expiration, with grace management and warning Account activation (start time, end time) 8
Modification     Size check (size does matter) Presence in history (with check of minimal age) Password quality (implementation specific) Safe modification (require old password)Size check 9
Password change after reset     Someone changes the password of a user An attribute should be added to user entry (pwdReset) At next authentication, the response code is 0 (OK) but the ppolicy control has the “password must change” flag The client should force user to change the password! 10
OpenLDAP ppolicy overlay 11
Password policy in OpenLDAP  Implemented as an overlay  Catch BIND, MOD and PASSMOD operations  Use version 9 of Behera Draft  Possibility to add a pwdChecker module 12
Overlay configuration  Load overlay if compiled as module: olcModuleLoad: ppolicy.la  Configure overlay in a backend: dn: olcOverlay={1}ppolicy,olcDatabase={1}bdb,cn=config objectClass: olcOverlayConfig objectClass: olcPPolicyConfig olcOverlay: {1}ppolicy olcPPolicyDefault: ou=default,ou=ppolicy,dc=example,dc=com olcPPolicyHashCleartext: TRUE olcPPolicyUseLockout: FALSE olcPPolicyForwardUpdates: FALSE 13
Password policy configuration  Configuration in an LDAP specific entry: dn: ou=default,ou=ppolicy,dc=example,dc=com objectClass: pwdPolicy objectClass: pwdPolicyChecker objectClass: organizationalUnit objectClass: top ou: default 14
Password policy configuration  All parameters as attributes: pwdAllowUserChange: TRUE pwdAttribute: userPassword pwdCheckModule: check_password.so pwdCheckQuality: 2 pwdExpireWarning: 0 pwdInHistory: 10 pwdLockout: TRUE pwdMaxAge: 31536000 pwdMinAge: 600 pwdMaxFailure: 10 pwdMinLength: 8 pwdMustChange: TRUE PwdSafeModify : FALSE 15
More than one policy  Possibility to have several policies: – Several pwdPolicy entries – Use of pwdPolicySubentry in entries dn: uid=bobama,ou=users,dc=example,dc=com objectClass: inetOrgPerson objectClass: organizationalPerson ObjectClass : person objectClass: top uid : bobama cn : Barack OBAMA sn : OBAMA pwdPolicySubentry : ou=nsa,ou=ppolicy,dc=example,dc=com 16
Password checker  LDAP Tool Box provides a compatible password checker module: – Check against upper case, lower case, digits and punctuation – Cracklib support  ITS 7412 in OpenLDAP to add this module as a contribution 17
Last authentication time  The lastbind overlay is available in OpenLDAP contribution  Provided in contrib-overlays LTB package  Add authTimestamp operational attribute  Should be replaced by pwdLastSuccess form version 10 of the draft 18
Almost the end... 19
Thanks Special thanks to: – LDAPCon ! – Company LINAGORA – All LiniD developers Keep in touch: – Identica: @coudot – Twitter: @clementoudot @LinID_FOSS – IRC: KPTN #LinID@freenode – Web: http://linid.org 20
Thanks!

Recommended

FlixBus Ride with Snowflake
FlixBus Ride with SnowflakeFlixBus Ride with Snowflake
FlixBus Ride with SnowflakeTaras Slipets
 
Meetup Spark UDF performance
Meetup Spark UDF performanceMeetup Spark UDF performance
Meetup Spark UDF performanceGuilherme Braccialli
 
Responsible AI & Cybersecurity: A tale of two technology risks
Responsible AI & Cybersecurity: A tale of two technology risksResponsible AI & Cybersecurity: A tale of two technology risks
Responsible AI & Cybersecurity: A tale of two technology risksLiming Zhu
 
NEW LAUNCH! Amazon Neptune Overview and Customer Use Cases - DAT319 - re:Inve...
NEW LAUNCH! Amazon Neptune Overview and Customer Use Cases - DAT319 - re:Inve...NEW LAUNCH! Amazon Neptune Overview and Customer Use Cases - DAT319 - re:Inve...
NEW LAUNCH! Amazon Neptune Overview and Customer Use Cases - DAT319 - re:Inve...Amazon Web Services
 
Knowledge Graphs - The Power of Graph-Based Search
Knowledge Graphs - The Power of Graph-Based SearchKnowledge Graphs - The Power of Graph-Based Search
Knowledge Graphs - The Power of Graph-Based SearchNeo4j
 
Knowledge Graphs, Ontologies, and AI Applications
Knowledge Graphs, Ontologies, and AI ApplicationsKnowledge Graphs, Ontologies, and AI Applications
Knowledge Graphs, Ontologies, and AI ApplicationsEarley Information Science
 
Introducción a GraphQL
Introducción a GraphQLIntroducción a GraphQL
Introducción a GraphQLLenin Alevski Huerta Arias
 
ad - IOL power calculation presentation.pptx
ad - IOL power calculation presentation.pptxad - IOL power calculation presentation.pptx
ad - IOL power calculation presentation.pptxAmanDalal26
 

Recommended

FlixBus Ride with Snowflake
FlixBus Ride with SnowflakeFlixBus Ride with Snowflake
FlixBus Ride with SnowflakeTaras Slipets
 
Meetup Spark UDF performance
Meetup Spark UDF performanceMeetup Spark UDF performance
Meetup Spark UDF performanceGuilherme Braccialli
 
Responsible AI & Cybersecurity: A tale of two technology risks
Responsible AI & Cybersecurity: A tale of two technology risksResponsible AI & Cybersecurity: A tale of two technology risks
Responsible AI & Cybersecurity: A tale of two technology risksLiming Zhu
 
NEW LAUNCH! Amazon Neptune Overview and Customer Use Cases - DAT319 - re:Inve...
NEW LAUNCH! Amazon Neptune Overview and Customer Use Cases - DAT319 - re:Inve...NEW LAUNCH! Amazon Neptune Overview and Customer Use Cases - DAT319 - re:Inve...
NEW LAUNCH! Amazon Neptune Overview and Customer Use Cases - DAT319 - re:Inve...Amazon Web Services
 
Knowledge Graphs - The Power of Graph-Based Search
Knowledge Graphs - The Power of Graph-Based SearchKnowledge Graphs - The Power of Graph-Based Search
Knowledge Graphs - The Power of Graph-Based SearchNeo4j
 
Knowledge Graphs, Ontologies, and AI Applications
Knowledge Graphs, Ontologies, and AI ApplicationsKnowledge Graphs, Ontologies, and AI Applications
Knowledge Graphs, Ontologies, and AI ApplicationsEarley Information Science
 
Introducción a GraphQL
Introducción a GraphQLIntroducción a GraphQL
Introducción a GraphQLLenin Alevski Huerta Arias
 
ad - IOL power calculation presentation.pptx
ad - IOL power calculation presentation.pptxad - IOL power calculation presentation.pptx
ad - IOL power calculation presentation.pptxAmanDalal26
 
GS1 ONS and Digital Link Tutorial, Auto-ID Labs, KAIST (Apr 28, 2020)
GS1 ONS and Digital Link Tutorial, Auto-ID Labs, KAIST (Apr 28, 2020)GS1 ONS and Digital Link Tutorial, Auto-ID Labs, KAIST (Apr 28, 2020)
GS1 ONS and Digital Link Tutorial, Auto-ID Labs, KAIST (Apr 28, 2020)Daeyoung Kim
 
EY + Neo4j: Why graph technology makes sense for fraud detection and customer...
EY + Neo4j: Why graph technology makes sense for fraud detection and customer...EY + Neo4j: Why graph technology makes sense for fraud detection and customer...
EY + Neo4j: Why graph technology makes sense for fraud detection and customer...Neo4j
 
Graph Thinking: Why it Matters
Graph Thinking: Why it MattersGraph Thinking: Why it Matters
Graph Thinking: Why it MattersNeo4j
 
GIS User to Web-GIS Developer Journey
GIS User to Web-GIS Developer JourneyGIS User to Web-GIS Developer Journey
GIS User to Web-GIS Developer JourneyTek Kshetri
 
Supply Chain Twin Demo - Companion Deck
Supply Chain Twin Demo - Companion DeckSupply Chain Twin Demo - Companion Deck
Supply Chain Twin Demo - Companion DeckNeo4j
 
Odoo Code Hardening [Odoo Experience 2019]
Odoo Code Hardening [Odoo Experience 2019]Odoo Code Hardening [Odoo Experience 2019]
Odoo Code Hardening [Odoo Experience 2019]Olivier Dony
 
Data-Centric Business Transformation Using Knowledge Graphs
Data-Centric Business Transformation Using Knowledge GraphsData-Centric Business Transformation Using Knowledge Graphs
Data-Centric Business Transformation Using Knowledge GraphsAlan Morrison
 
Intravitreal in opthamology
Intravitreal in opthamologyIntravitreal in opthamology
Intravitreal in opthamologyDr. Agarwal's Group of Eye Hospital
 
Promoting the re use of open data through ODIP
Promoting the re use of open data through ODIPPromoting the re use of open data through ODIP
Promoting the re use of open data through ODIPOpen Data Support
 
Graph Databases in the Microsoft Ecosystem
Graph Databases in the Microsoft EcosystemGraph Databases in the Microsoft Ecosystem
Graph Databases in the Microsoft EcosystemMarco Parenzan
 
Cartography and Geospatial Intelligence (GEOINT): Actionable Knowledge for Hu...
Cartography and Geospatial Intelligence (GEOINT): Actionable Knowledge for Hu...Cartography and Geospatial Intelligence (GEOINT): Actionable Knowledge for Hu...
Cartography and Geospatial Intelligence (GEOINT): Actionable Knowledge for Hu...British Cartographic Society
 
Försäkringskassan: Neo4j as an Information Hub (GraphSummit Stockholm 2023)
Försäkringskassan: Neo4j as an Information Hub (GraphSummit Stockholm 2023)Försäkringskassan: Neo4j as an Information Hub (GraphSummit Stockholm 2023)
Försäkringskassan: Neo4j as an Information Hub (GraphSummit Stockholm 2023)Neo4j
 
Introduction to Google Cloud Platform for Big Data - Trusted Conf
Introduction to Google Cloud Platform for Big Data - Trusted ConfIntroduction to Google Cloud Platform for Big Data - Trusted Conf
Introduction to Google Cloud Platform for Big Data - Trusted ConfIn Marketing We Trust
 
The Five Graphs of Government: How Federal Agencies can Utilize Graph Technology
The Five Graphs of Government: How Federal Agencies can Utilize Graph TechnologyThe Five Graphs of Government: How Federal Agencies can Utilize Graph Technology
The Five Graphs of Government: How Federal Agencies can Utilize Graph TechnologyNeo4j
 
Accelerating Path to Production for Generative AI-powered Applications
Accelerating Path to Production for Generative AI-powered ApplicationsAccelerating Path to Production for Generative AI-powered Applications
Accelerating Path to Production for Generative AI-powered ApplicationsHostedbyConfluent
 
Knowledge Graphs are Worthless, Knowledge Graph Use Cases are Priceless
Knowledge Graphs are Worthless, Knowledge Graph Use Cases are PricelessKnowledge Graphs are Worthless, Knowledge Graph Use Cases are Priceless
Knowledge Graphs are Worthless, Knowledge Graph Use Cases are PricelessEnterprise Knowledge
 
OpenLDAP Replication Strategies
OpenLDAP Replication StrategiesOpenLDAP Replication Strategies
OpenLDAP Replication StrategiesGavin Henry
 
Installing & Configuring OpenLDAP (Hands On Lab)
Installing & Configuring OpenLDAP (Hands On Lab)Installing & Configuring OpenLDAP (Hands On Lab)
Installing & Configuring OpenLDAP (Hands On Lab)Michael Lamont
 
Ldap Synchronization Connector @ 2011.RMLL
Ldap Synchronization Connector @ 2011.RMLLLdap Synchronization Connector @ 2011.RMLL
Ldap Synchronization Connector @ 2011.RMLLsbahloul
 
Nis Vs Ldap
Nis Vs LdapNis Vs Ldap
Nis Vs LdapJuan Bau
 
LSC - Synchronizing identities @ Loadays 2010
LSC - Synchronizing identities @ Loadays 2010 LSC - Synchronizing identities @ Loadays 2010
LSC - Synchronizing identities @ Loadays 2010RUDDER
 
IAO’s importance on sound student services in educational institutions
IAO’s importance on sound student services in educational institutionsIAO’s importance on sound student services in educational institutions
IAO’s importance on sound student services in educational institutionsInternational Accreditation Organization
 

More Related Content

What's hot

GS1 ONS and Digital Link Tutorial, Auto-ID Labs, KAIST (Apr 28, 2020)
GS1 ONS and Digital Link Tutorial, Auto-ID Labs, KAIST (Apr 28, 2020)GS1 ONS and Digital Link Tutorial, Auto-ID Labs, KAIST (Apr 28, 2020)
GS1 ONS and Digital Link Tutorial, Auto-ID Labs, KAIST (Apr 28, 2020)Daeyoung Kim
 
EY + Neo4j: Why graph technology makes sense for fraud detection and customer...
EY + Neo4j: Why graph technology makes sense for fraud detection and customer...EY + Neo4j: Why graph technology makes sense for fraud detection and customer...
EY + Neo4j: Why graph technology makes sense for fraud detection and customer...Neo4j
 
Graph Thinking: Why it Matters
Graph Thinking: Why it MattersGraph Thinking: Why it Matters
Graph Thinking: Why it MattersNeo4j
 
GIS User to Web-GIS Developer Journey
GIS User to Web-GIS Developer JourneyGIS User to Web-GIS Developer Journey
GIS User to Web-GIS Developer JourneyTek Kshetri
 
Supply Chain Twin Demo - Companion Deck
Supply Chain Twin Demo - Companion DeckSupply Chain Twin Demo - Companion Deck
Supply Chain Twin Demo - Companion DeckNeo4j
 
Odoo Code Hardening [Odoo Experience 2019]
Odoo Code Hardening [Odoo Experience 2019]Odoo Code Hardening [Odoo Experience 2019]
Odoo Code Hardening [Odoo Experience 2019]Olivier Dony
 
Data-Centric Business Transformation Using Knowledge Graphs
Data-Centric Business Transformation Using Knowledge GraphsData-Centric Business Transformation Using Knowledge Graphs
Data-Centric Business Transformation Using Knowledge GraphsAlan Morrison
 
Promoting the re use of open data through ODIP
Promoting the re use of open data through ODIPPromoting the re use of open data through ODIP
Promoting the re use of open data through ODIPOpen Data Support
 
Graph Databases in the Microsoft Ecosystem
Graph Databases in the Microsoft EcosystemGraph Databases in the Microsoft Ecosystem
Graph Databases in the Microsoft EcosystemMarco Parenzan
 
Cartography and Geospatial Intelligence (GEOINT): Actionable Knowledge for Hu...
Cartography and Geospatial Intelligence (GEOINT): Actionable Knowledge for Hu...Cartography and Geospatial Intelligence (GEOINT): Actionable Knowledge for Hu...
Cartography and Geospatial Intelligence (GEOINT): Actionable Knowledge for Hu...British Cartographic Society
 
Försäkringskassan: Neo4j as an Information Hub (GraphSummit Stockholm 2023)
Försäkringskassan: Neo4j as an Information Hub (GraphSummit Stockholm 2023)Försäkringskassan: Neo4j as an Information Hub (GraphSummit Stockholm 2023)
Försäkringskassan: Neo4j as an Information Hub (GraphSummit Stockholm 2023)Neo4j
 
Introduction to Google Cloud Platform for Big Data - Trusted Conf
Introduction to Google Cloud Platform for Big Data - Trusted ConfIntroduction to Google Cloud Platform for Big Data - Trusted Conf
Introduction to Google Cloud Platform for Big Data - Trusted ConfIn Marketing We Trust
 
The Five Graphs of Government: How Federal Agencies can Utilize Graph Technology
The Five Graphs of Government: How Federal Agencies can Utilize Graph TechnologyThe Five Graphs of Government: How Federal Agencies can Utilize Graph Technology
The Five Graphs of Government: How Federal Agencies can Utilize Graph TechnologyNeo4j
 
Accelerating Path to Production for Generative AI-powered Applications
Accelerating Path to Production for Generative AI-powered ApplicationsAccelerating Path to Production for Generative AI-powered Applications
Accelerating Path to Production for Generative AI-powered ApplicationsHostedbyConfluent
 
Knowledge Graphs are Worthless, Knowledge Graph Use Cases are Priceless
Knowledge Graphs are Worthless, Knowledge Graph Use Cases are PricelessKnowledge Graphs are Worthless, Knowledge Graph Use Cases are Priceless
Knowledge Graphs are Worthless, Knowledge Graph Use Cases are PricelessEnterprise Knowledge
 

What's hot (16)

GS1 ONS and Digital Link Tutorial, Auto-ID Labs, KAIST (Apr 28, 2020)
GS1 ONS and Digital Link Tutorial, Auto-ID Labs, KAIST (Apr 28, 2020)GS1 ONS and Digital Link Tutorial, Auto-ID Labs, KAIST (Apr 28, 2020)
GS1 ONS and Digital Link Tutorial, Auto-ID Labs, KAIST (Apr 28, 2020)
 
EY + Neo4j: Why graph technology makes sense for fraud detection and customer...
EY + Neo4j: Why graph technology makes sense for fraud detection and customer...EY + Neo4j: Why graph technology makes sense for fraud detection and customer...
EY + Neo4j: Why graph technology makes sense for fraud detection and customer...
 
Graph Thinking: Why it Matters
Graph Thinking: Why it MattersGraph Thinking: Why it Matters
Graph Thinking: Why it Matters
 
GIS User to Web-GIS Developer Journey
GIS User to Web-GIS Developer JourneyGIS User to Web-GIS Developer Journey
GIS User to Web-GIS Developer Journey
 
Supply Chain Twin Demo - Companion Deck
Supply Chain Twin Demo - Companion DeckSupply Chain Twin Demo - Companion Deck
Supply Chain Twin Demo - Companion Deck
 
Odoo Code Hardening [Odoo Experience 2019]
Odoo Code Hardening [Odoo Experience 2019]Odoo Code Hardening [Odoo Experience 2019]
Odoo Code Hardening [Odoo Experience 2019]
 
Data-Centric Business Transformation Using Knowledge Graphs
Data-Centric Business Transformation Using Knowledge GraphsData-Centric Business Transformation Using Knowledge Graphs
Data-Centric Business Transformation Using Knowledge Graphs
 
Intravitreal in opthamology
Intravitreal in opthamologyIntravitreal in opthamology
Intravitreal in opthamology
 
Promoting the re use of open data through ODIP
Promoting the re use of open data through ODIPPromoting the re use of open data through ODIP
Promoting the re use of open data through ODIP
 
Graph Databases in the Microsoft Ecosystem
Graph Databases in the Microsoft EcosystemGraph Databases in the Microsoft Ecosystem
Graph Databases in the Microsoft Ecosystem
 
Cartography and Geospatial Intelligence (GEOINT): Actionable Knowledge for Hu...
Cartography and Geospatial Intelligence (GEOINT): Actionable Knowledge for Hu...Cartography and Geospatial Intelligence (GEOINT): Actionable Knowledge for Hu...
Cartography and Geospatial Intelligence (GEOINT): Actionable Knowledge for Hu...
 
Försäkringskassan: Neo4j as an Information Hub (GraphSummit Stockholm 2023)
Försäkringskassan: Neo4j as an Information Hub (GraphSummit Stockholm 2023)Försäkringskassan: Neo4j as an Information Hub (GraphSummit Stockholm 2023)
Försäkringskassan: Neo4j as an Information Hub (GraphSummit Stockholm 2023)
 
Introduction to Google Cloud Platform for Big Data - Trusted Conf
Introduction to Google Cloud Platform for Big Data - Trusted ConfIntroduction to Google Cloud Platform for Big Data - Trusted Conf
Introduction to Google Cloud Platform for Big Data - Trusted Conf
 
The Five Graphs of Government: How Federal Agencies can Utilize Graph Technology
The Five Graphs of Government: How Federal Agencies can Utilize Graph TechnologyThe Five Graphs of Government: How Federal Agencies can Utilize Graph Technology
The Five Graphs of Government: How Federal Agencies can Utilize Graph Technology
 
Accelerating Path to Production for Generative AI-powered Applications
Accelerating Path to Production for Generative AI-powered ApplicationsAccelerating Path to Production for Generative AI-powered Applications
Accelerating Path to Production for Generative AI-powered Applications
 
Knowledge Graphs are Worthless, Knowledge Graph Use Cases are Priceless
Knowledge Graphs are Worthless, Knowledge Graph Use Cases are PricelessKnowledge Graphs are Worthless, Knowledge Graph Use Cases are Priceless
Knowledge Graphs are Worthless, Knowledge Graph Use Cases are Priceless
 

Viewers also liked

OpenLDAP Replication Strategies
OpenLDAP Replication StrategiesOpenLDAP Replication Strategies
OpenLDAP Replication StrategiesGavin Henry
 
Installing & Configuring OpenLDAP (Hands On Lab)
Installing & Configuring OpenLDAP (Hands On Lab)Installing & Configuring OpenLDAP (Hands On Lab)
Installing & Configuring OpenLDAP (Hands On Lab)Michael Lamont
 
Ldap Synchronization Connector @ 2011.RMLL
Ldap Synchronization Connector @ 2011.RMLLLdap Synchronization Connector @ 2011.RMLL
Ldap Synchronization Connector @ 2011.RMLLsbahloul
 
Nis Vs Ldap
Nis Vs LdapNis Vs Ldap
Nis Vs LdapJuan Bau
 
LSC - Synchronizing identities @ Loadays 2010
LSC - Synchronizing identities @ Loadays 2010 LSC - Synchronizing identities @ Loadays 2010
LSC - Synchronizing identities @ Loadays 2010RUDDER
 
OpenLDAP configuration brought to Apache Directory Studio
OpenLDAP configuration brought to Apache Directory StudioOpenLDAP configuration brought to Apache Directory Studio
OpenLDAP configuration brought to Apache Directory StudioLDAPCon
 
What's New in OpenLDAP
What's New in OpenLDAPWhat's New in OpenLDAP
What's New in OpenLDAPLDAPCon
 
Synchronize OpenLDAP with Active Directory with LSC project
Synchronize OpenLDAP with Active Directory with LSC projectSynchronize OpenLDAP with Active Directory with LSC project
Synchronize OpenLDAP with Active Directory with LSC projectClément OUDOT
 
RMLL 2013 - Synchronize OpenLDAP and Active Directory with LSC
RMLL 2013 - Synchronize OpenLDAP and Active Directory with LSCRMLL 2013 - Synchronize OpenLDAP and Active Directory with LSC
RMLL 2013 - Synchronize OpenLDAP and Active Directory with LSCClément OUDOT
 
Active Directory & LDAP Authentication Without Triggers
Active Directory & LDAP Authentication Without TriggersActive Directory & LDAP Authentication Without Triggers
Active Directory & LDAP Authentication Without TriggersPerforce
 
Synchronize AD and OpenLDAP with LSC
Synchronize AD and OpenLDAP with LSCSynchronize AD and OpenLDAP with LSC
Synchronize AD and OpenLDAP with LSCLDAPCon
 
RMLL 2014 - OpenLDAP - Manage password policy
RMLL 2014 - OpenLDAP - Manage password policyRMLL 2014 - OpenLDAP - Manage password policy
RMLL 2014 - OpenLDAP - Manage password policyClément OUDOT
 
Open LDAP vs. Active Directory
Open LDAP vs. Active DirectoryOpen LDAP vs. Active Directory
Open LDAP vs. Active DirectoryAhmad Haghighi
 
System Engineer: OpenLDAP and Samba Server
System Engineer: OpenLDAP and Samba ServerSystem Engineer: OpenLDAP and Samba Server
System Engineer: OpenLDAP and Samba ServerTola LENG
 
Ldap system administration
Ldap system administrationLdap system administration
Ldap system administrationAli Abdo
 
Reuters: Pictures of the Year 2016 (Part 2)
Reuters: Pictures of the Year 2016 (Part 2)Reuters: Pictures of the Year 2016 (Part 2)
Reuters: Pictures of the Year 2016 (Part 2)maditabalnco
 

Viewers also liked (19)

OpenLDAP Replication Strategies
OpenLDAP Replication StrategiesOpenLDAP Replication Strategies
OpenLDAP Replication Strategies
 
Installing & Configuring OpenLDAP (Hands On Lab)
Installing & Configuring OpenLDAP (Hands On Lab)Installing & Configuring OpenLDAP (Hands On Lab)
Installing & Configuring OpenLDAP (Hands On Lab)
 
Ldap Synchronization Connector @ 2011.RMLL
Ldap Synchronization Connector @ 2011.RMLLLdap Synchronization Connector @ 2011.RMLL
Ldap Synchronization Connector @ 2011.RMLL
 
Nis Vs Ldap
Nis Vs LdapNis Vs Ldap
Nis Vs Ldap
 
LSC - Synchronizing identities @ Loadays 2010
LSC - Synchronizing identities @ Loadays 2010 LSC - Synchronizing identities @ Loadays 2010
LSC - Synchronizing identities @ Loadays 2010
 
IAO’s importance on sound student services in educational institutions
IAO’s importance on sound student services in educational institutionsIAO’s importance on sound student services in educational institutions
IAO’s importance on sound student services in educational institutions
 
OpenLDAP configuration brought to Apache Directory Studio
OpenLDAP configuration brought to Apache Directory StudioOpenLDAP configuration brought to Apache Directory Studio
OpenLDAP configuration brought to Apache Directory Studio
 
What's New in OpenLDAP
What's New in OpenLDAPWhat's New in OpenLDAP
What's New in OpenLDAP
 
Synchronize OpenLDAP with Active Directory with LSC project
Synchronize OpenLDAP with Active Directory with LSC projectSynchronize OpenLDAP with Active Directory with LSC project
Synchronize OpenLDAP with Active Directory with LSC project
 
RMLL 2013 - Synchronize OpenLDAP and Active Directory with LSC
RMLL 2013 - Synchronize OpenLDAP and Active Directory with LSCRMLL 2013 - Synchronize OpenLDAP and Active Directory with LSC
RMLL 2013 - Synchronize OpenLDAP and Active Directory with LSC
 
Rhel6
Rhel6Rhel6
Rhel6
 
Active Directory & LDAP Authentication Without Triggers
Active Directory & LDAP Authentication Without TriggersActive Directory & LDAP Authentication Without Triggers
Active Directory & LDAP Authentication Without Triggers
 
Synchronize AD and OpenLDAP with LSC
Synchronize AD and OpenLDAP with LSCSynchronize AD and OpenLDAP with LSC
Synchronize AD and OpenLDAP with LSC
 
RMLL 2014 - OpenLDAP - Manage password policy
RMLL 2014 - OpenLDAP - Manage password policyRMLL 2014 - OpenLDAP - Manage password policy
RMLL 2014 - OpenLDAP - Manage password policy
 
Open LDAP vs. Active Directory
Open LDAP vs. Active DirectoryOpen LDAP vs. Active Directory
Open LDAP vs. Active Directory
 
AD & LDAP
AD & LDAPAD & LDAP
AD & LDAP
 
System Engineer: OpenLDAP and Samba Server
System Engineer: OpenLDAP and Samba ServerSystem Engineer: OpenLDAP and Samba Server
System Engineer: OpenLDAP and Samba Server
 
Ldap system administration
Ldap system administrationLdap system administration
Ldap system administration
 
Reuters: Pictures of the Year 2016 (Part 2)
Reuters: Pictures of the Year 2016 (Part 2)Reuters: Pictures of the Year 2016 (Part 2)
Reuters: Pictures of the Year 2016 (Part 2)
 

Similar to Manage password policy in OpenLDAP

[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...
[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...
[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...Worteks
 
Kubernetes Summit 2019 - Harden Your Kubernetes Cluster
Kubernetes Summit 2019 - Harden Your Kubernetes ClusterKubernetes Summit 2019 - Harden Your Kubernetes Cluster
Kubernetes Summit 2019 - Harden Your Kubernetes Clustersmalltown
 
CloudOps CloudStack Days, Austin April 2015
CloudOps CloudStack Days, Austin April 2015CloudOps CloudStack Days, Austin April 2015
CloudOps CloudStack Days, Austin April 2015CloudOps2005
 
Setup oracle golden gate 11g replication
Setup oracle golden gate 11g replicationSetup oracle golden gate 11g replication
Setup oracle golden gate 11g replicationKanwar Batra
 
A Deep Dive into macOS MDM (and How it can be Compromised)
A Deep Dive into macOS MDM (and How it can be Compromised)A Deep Dive into macOS MDM (and How it can be Compromised)
A Deep Dive into macOS MDM (and How it can be Compromised)Priyanka Aash
 
FPC for the Masses - CoRIIN 2018
FPC for the Masses - CoRIIN 2018FPC for the Masses - CoRIIN 2018
FPC for the Masses - CoRIIN 2018Xavier Mertens
 
How To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and ComposeHow To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and ComposeDocker, Inc.
 
TechEvent Oracle 18c New Security Features
TechEvent Oracle 18c New Security FeaturesTechEvent Oracle 18c New Security Features
TechEvent Oracle 18c New Security FeaturesTrivadis
 
Django Architecture Introduction
Django Architecture IntroductionDjango Architecture Introduction
Django Architecture IntroductionHaiqi Chen
 
Finding target for hacking on internet is now easier
Finding target for hacking on internet is now easierFinding target for hacking on internet is now easier
Finding target for hacking on internet is now easierDavid Thomas
 
Under the Hood 11g Identity Management
Under the Hood 11g Identity ManagementUnder the Hood 11g Identity Management
Under the Hood 11g Identity ManagementInSync Conference
 
11g Identity Management - InSync10
11g Identity Management - InSync1011g Identity Management - InSync10
11g Identity Management - InSync10Peter McLarty
 
OpenDayLight (ODL) Project
OpenDayLight (ODL) ProjectOpenDayLight (ODL) Project
OpenDayLight (ODL) ProjectVahid Sadri
 
Building Your Own IoT Platform using FIWARE GEis
Building Your Own IoT Platform using FIWARE GEisBuilding Your Own IoT Platform using FIWARE GEis
Building Your Own IoT Platform using FIWARE GEisFIWARE
 
Pyramid Deployment and Maintenance
Pyramid Deployment and MaintenancePyramid Deployment and Maintenance
Pyramid Deployment and MaintenanceJazkarta, Inc.
 
OpenERP e l'arte della gestione aziendale con Python
OpenERP e l'arte della gestione aziendale con PythonOpenERP e l'arte della gestione aziendale con Python
OpenERP e l'arte della gestione aziendale con PythonPyCon Italia
 

Similar to Manage password policy in OpenLDAP (20)

[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...
[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...
[Pass the SALT 2020] Understand password policy in OpenLDAP and discover tool...
 
Kubernetes Summit 2019 - Harden Your Kubernetes Cluster
Kubernetes Summit 2019 - Harden Your Kubernetes ClusterKubernetes Summit 2019 - Harden Your Kubernetes Cluster
Kubernetes Summit 2019 - Harden Your Kubernetes Cluster
 
F5 BIG IP LTM & GTM Training Certification
F5 BIG IP LTM & GTM Training CertificationF5 BIG IP LTM & GTM Training Certification
F5 BIG IP LTM & GTM Training Certification
 
CloudOps CloudStack Days, Austin April 2015
CloudOps CloudStack Days, Austin April 2015CloudOps CloudStack Days, Austin April 2015
CloudOps CloudStack Days, Austin April 2015
 
Setup oracle golden gate 11g replication
Setup oracle golden gate 11g replicationSetup oracle golden gate 11g replication
Setup oracle golden gate 11g replication
 
A Deep Dive into macOS MDM (and How it can be Compromised)
A Deep Dive into macOS MDM (and How it can be Compromised)A Deep Dive into macOS MDM (and How it can be Compromised)
A Deep Dive into macOS MDM (and How it can be Compromised)
 
FPC for the Masses - CoRIIN 2018
FPC for the Masses - CoRIIN 2018FPC for the Masses - CoRIIN 2018
FPC for the Masses - CoRIIN 2018
 
How To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and ComposeHow To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and Compose
 
Docker tlv
Docker tlvDocker tlv
Docker tlv
 
TechEvent Oracle 18c New Security Features
TechEvent Oracle 18c New Security FeaturesTechEvent Oracle 18c New Security Features
TechEvent Oracle 18c New Security Features
 
Django Architecture Introduction
Django Architecture IntroductionDjango Architecture Introduction
Django Architecture Introduction
 
Finding target for hacking on internet is now easier
Finding target for hacking on internet is now easierFinding target for hacking on internet is now easier
Finding target for hacking on internet is now easier
 
Under the Hood 11g Identity Management
Under the Hood 11g Identity ManagementUnder the Hood 11g Identity Management
Under the Hood 11g Identity Management
 
11g Identity Management - InSync10
11g Identity Management - InSync1011g Identity Management - InSync10
11g Identity Management - InSync10
 
Core Context Management
Core Context ManagementCore Context Management
Core Context Management
 
Cotech- OPA-v2.pptx
Cotech- OPA-v2.pptxCotech- OPA-v2.pptx
Cotech- OPA-v2.pptx
 
OpenDayLight (ODL) Project
OpenDayLight (ODL) ProjectOpenDayLight (ODL) Project
OpenDayLight (ODL) Project
 
Building Your Own IoT Platform using FIWARE GEis
Building Your Own IoT Platform using FIWARE GEisBuilding Your Own IoT Platform using FIWARE GEis
Building Your Own IoT Platform using FIWARE GEis
 
Pyramid Deployment and Maintenance
Pyramid Deployment and MaintenancePyramid Deployment and Maintenance
Pyramid Deployment and Maintenance
 
OpenERP e l'arte della gestione aziendale con Python
OpenERP e l'arte della gestione aziendale con PythonOpenERP e l'arte della gestione aziendale con Python
OpenERP e l'arte della gestione aziendale con Python
 

More from LDAPCon

Fusiondirectory: your infrastructure manager based on ldap
Fusiondirectory: your infrastructure manager based on ldapFusiondirectory: your infrastructure manager based on ldap
Fusiondirectory: your infrastructure manager based on ldapLDAPCon
 
Building Open Source Identity Management with FreeIPA
Building Open Source Identity Management with FreeIPABuilding Open Source Identity Management with FreeIPA
Building Open Source Identity Management with FreeIPALDAPCon
 
Benchmarks on LDAP directories
Benchmarks on LDAP directoriesBenchmarks on LDAP directories
Benchmarks on LDAP directoriesLDAPCon
 
A Backend to tie them all?
A Backend to tie them all?A Backend to tie them all?
A Backend to tie them all?LDAPCon
 
Update on the OpenDJ project
Update on the OpenDJ projectUpdate on the OpenDJ project
Update on the OpenDJ projectLDAPCon
 
Build your LDAP Web Interface with LinID Directory Manager
Build your LDAP Web Interface with LinID Directory ManagerBuild your LDAP Web Interface with LinID Directory Manager
Build your LDAP Web Interface with LinID Directory ManagerLDAPCon
 
LDAP Development Using Spring LDAP
LDAP Development Using Spring LDAPLDAP Development Using Spring LDAP
LDAP Development Using Spring LDAPLDAPCon
 
Do The Right Thing! How LDAP servers should help LDAP clients
Do The Right Thing! How LDAP servers should help LDAP clientsDo The Right Thing! How LDAP servers should help LDAP clients
Do The Right Thing! How LDAP servers should help LDAP clientsLDAPCon
 
Distributed Virtual Transaction Directory Server
Distributed Virtual Transaction Directory ServerDistributed Virtual Transaction Directory Server
Distributed Virtual Transaction Directory ServerLDAPCon
 
What makes a LDAP server running fast ? An bit of insight about the various b...
What makes a LDAP server running fast ? An bit of insight about the various b...What makes a LDAP server running fast ? An bit of insight about the various b...
What makes a LDAP server running fast ? An bit of insight about the various b...LDAPCon
 
Making Research "Social" using LDAP
Making Research "Social" using LDAPMaking Research "Social" using LDAP
Making Research "Social" using LDAPLDAPCon
 
Bridging the gap: Adding missing client (security) features using OpenLDAP pr...
Bridging the gap: Adding missing client (security) features using OpenLDAP pr...Bridging the gap: Adding missing client (security) features using OpenLDAP pr...
Bridging the gap: Adding missing client (security) features using OpenLDAP pr...LDAPCon
 
Fortress Open Source IAM on LDAPv3
Fortress Open Source IAM on LDAPv3Fortress Open Source IAM on LDAPv3
Fortress Open Source IAM on LDAPv3LDAPCon
 
eSCIMo - User Provisioning over Web
eSCIMo - User Provisioning over WebeSCIMo - User Provisioning over Web
eSCIMo - User Provisioning over WebLDAPCon
 
Give a REST to your LDAP directory services
Give a REST to your LDAP directory servicesGive a REST to your LDAP directory services
Give a REST to your LDAP directory servicesLDAPCon
 
How AD has been re-engineered to extend to the cloud
How AD has been re-engineered to extend to the cloudHow AD has been re-engineered to extend to the cloud
How AD has been re-engineered to extend to the cloudLDAPCon
 
IAM to IRM: The Shift to Identity Relationship Management
IAM to IRM: The Shift to Identity Relationship ManagementIAM to IRM: The Shift to Identity Relationship Management
IAM to IRM: The Shift to Identity Relationship ManagementLDAPCon
 

More from LDAPCon (17)

Fusiondirectory: your infrastructure manager based on ldap
Fusiondirectory: your infrastructure manager based on ldapFusiondirectory: your infrastructure manager based on ldap
Fusiondirectory: your infrastructure manager based on ldap
 
Building Open Source Identity Management with FreeIPA
Building Open Source Identity Management with FreeIPABuilding Open Source Identity Management with FreeIPA
Building Open Source Identity Management with FreeIPA
 
Benchmarks on LDAP directories
Benchmarks on LDAP directoriesBenchmarks on LDAP directories
Benchmarks on LDAP directories
 
A Backend to tie them all?
A Backend to tie them all?A Backend to tie them all?
A Backend to tie them all?
 
Update on the OpenDJ project
Update on the OpenDJ projectUpdate on the OpenDJ project
Update on the OpenDJ project
 
Build your LDAP Web Interface with LinID Directory Manager
Build your LDAP Web Interface with LinID Directory ManagerBuild your LDAP Web Interface with LinID Directory Manager
Build your LDAP Web Interface with LinID Directory Manager
 
LDAP Development Using Spring LDAP
LDAP Development Using Spring LDAPLDAP Development Using Spring LDAP
LDAP Development Using Spring LDAP
 
Do The Right Thing! How LDAP servers should help LDAP clients
Do The Right Thing! How LDAP servers should help LDAP clientsDo The Right Thing! How LDAP servers should help LDAP clients
Do The Right Thing! How LDAP servers should help LDAP clients
 
Distributed Virtual Transaction Directory Server
Distributed Virtual Transaction Directory ServerDistributed Virtual Transaction Directory Server
Distributed Virtual Transaction Directory Server
 
What makes a LDAP server running fast ? An bit of insight about the various b...
What makes a LDAP server running fast ? An bit of insight about the various b...What makes a LDAP server running fast ? An bit of insight about the various b...
What makes a LDAP server running fast ? An bit of insight about the various b...
 
Making Research "Social" using LDAP
Making Research "Social" using LDAPMaking Research "Social" using LDAP
Making Research "Social" using LDAP
 
Bridging the gap: Adding missing client (security) features using OpenLDAP pr...
Bridging the gap: Adding missing client (security) features using OpenLDAP pr...Bridging the gap: Adding missing client (security) features using OpenLDAP pr...
Bridging the gap: Adding missing client (security) features using OpenLDAP pr...
 
Fortress Open Source IAM on LDAPv3
Fortress Open Source IAM on LDAPv3Fortress Open Source IAM on LDAPv3
Fortress Open Source IAM on LDAPv3
 
eSCIMo - User Provisioning over Web
eSCIMo - User Provisioning over WebeSCIMo - User Provisioning over Web
eSCIMo - User Provisioning over Web
 
Give a REST to your LDAP directory services
Give a REST to your LDAP directory servicesGive a REST to your LDAP directory services
Give a REST to your LDAP directory services
 
How AD has been re-engineered to extend to the cloud
How AD has been re-engineered to extend to the cloudHow AD has been re-engineered to extend to the cloud
How AD has been re-engineered to extend to the cloud
 
IAM to IRM: The Shift to Identity Relationship Management
IAM to IRM: The Shift to Identity Relationship ManagementIAM to IRM: The Shift to Identity Relationship Management
IAM to IRM: The Shift to Identity Relationship Management
 

Recently uploaded

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 

Recently uploaded (20)

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 

Manage password policy in OpenLDAP

  • 1. Manage password policy in OpenLDAP Clément OUDOT
  • 2. Table of contents  Password policy draft  OpenLDAP ppolicy overlay 2
  • 4. Clément OUDOT  Engineer since 2003 at LINAGORA company  LinID Dream Team Manager: http://linid.org   Founder of LDAP Tool Box project: http://ltb-project.org Leader of LemonLDAP::NG project: http://lemonldap-ng.org Password policy draft 4
  • 6. Draft history  Draft name: draft-behera-ldap-password-policy  Version 0: 20 October 1999  Version 10: August 9, 2009  Draft is expired since February 10, 2010 6
  • 7. Extended control     Password policy is request and response control (OID 1.3.6.1.4.1.42.2.27.8.5.1) The request control indicates the client is ppolicy aware The response control contains flags to advertise client about ppolicy status, it should be parsed by the client Control can be sent on BIND, MOD (if modification contains the password) and PASSMOD operations 7
  • 8. Authentication    Brute-force prevention with account locking and delay Password expiration, with grace management and warning Account activation (start time, end time) 8
  • 9. Modification     Size check (size does matter) Presence in history (with check of minimal age) Password quality (implementation specific) Safe modification (require old password)Size check 9
  • 10. Password change after reset     Someone changes the password of a user An attribute should be added to user entry (pwdReset) At next authentication, the response code is 0 (OK) but the ppolicy control has the “password must change” flag The client should force user to change the password! 10
  • 12. Password policy in OpenLDAP  Implemented as an overlay  Catch BIND, MOD and PASSMOD operations  Use version 9 of Behera Draft  Possibility to add a pwdChecker module 12
  • 13. Overlay configuration  Load overlay if compiled as module: olcModuleLoad: ppolicy.la  Configure overlay in a backend: dn: olcOverlay={1}ppolicy,olcDatabase={1}bdb,cn=config objectClass: olcOverlayConfig objectClass: olcPPolicyConfig olcOverlay: {1}ppolicy olcPPolicyDefault: ou=default,ou=ppolicy,dc=example,dc=com olcPPolicyHashCleartext: TRUE olcPPolicyUseLockout: FALSE olcPPolicyForwardUpdates: FALSE 13
  • 14. Password policy configuration  Configuration in an LDAP specific entry: dn: ou=default,ou=ppolicy,dc=example,dc=com objectClass: pwdPolicy objectClass: pwdPolicyChecker objectClass: organizationalUnit objectClass: top ou: default 14
  • 15. Password policy configuration  All parameters as attributes: pwdAllowUserChange: TRUE pwdAttribute: userPassword pwdCheckModule: check_password.so pwdCheckQuality: 2 pwdExpireWarning: 0 pwdInHistory: 10 pwdLockout: TRUE pwdMaxAge: 31536000 pwdMinAge: 600 pwdMaxFailure: 10 pwdMinLength: 8 pwdMustChange: TRUE PwdSafeModify : FALSE 15
  • 16. More than one policy  Possibility to have several policies: – Several pwdPolicy entries – Use of pwdPolicySubentry in entries dn: uid=bobama,ou=users,dc=example,dc=com objectClass: inetOrgPerson objectClass: organizationalPerson ObjectClass : person objectClass: top uid : bobama cn : Barack OBAMA sn : OBAMA pwdPolicySubentry : ou=nsa,ou=ppolicy,dc=example,dc=com 16
  • 17. Password checker  LDAP Tool Box provides a compatible password checker module: – Check against upper case, lower case, digits and punctuation – Cracklib support  ITS 7412 in OpenLDAP to add this module as a contribution 17
  • 18. Last authentication time  The lastbind overlay is available in OpenLDAP contribution  Provided in contrib-overlays LTB package  Add authTimestamp operational attribute  Should be replaced by pwdLastSuccess form version 10 of the draft 18
  • 20. Thanks Special thanks to: – LDAPCon ! – Company LINAGORA – All LiniD developers Keep in touch: – Identica: @coudot – Twitter: @clementoudot @LinID_FOSS – IRC: KPTN #LinID@freenode – Web: http://linid.org 20