From c4b39c091e413d196112a94352654a4803ed3c84 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem.moulin@fripost.org>
Date: Wed, 30 Jan 2013 20:28:47 +0100
Subject: Password policy

---
 ldap/base.ldif | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'ldap/base.ldif')

diff --git a/ldap/base.ldif b/ldap/base.ldif
index c102beb..81e8874 100644
--- a/ldap/base.ldif
+++ b/ldap/base.ldif
@@ -13,6 +13,14 @@ dn: o=mailHosting,dc=fripost,dc=dev
 objectClass: organization
 description: Mail hosting
 
+dn: cn=ppolicy,o=mailHosting,dc=fripost,dc=dev
+objectClass: organizationalRole
+objectClass: pwdPolicy
+pwdAttribute: userPassword
+pwdLockout: TRUE
+pwdLockoutDuration: 900
+pwdFailureCountInterval: 300
+pwdMaxFailure: 3
 
 dn: ou=virtual,o=mailHosting,dc=fripost,dc=dev
 objectClass: organizationalUnit
@@ -51,7 +59,8 @@ dn: cn=AdminWebPanel,ou=services,o=mailHosting,dc=fripost,dc=dev
 objectClass: simpleSecurityObject
 objectClass: organizationalRole
 description: The adminstrator Web Panel
-userPassword: panel
+userPassword: {CLEARTEXT}panel
+# NOTE: ^ The password needs to be stored clear for DIGEST-MD5 SASL authentication
 authzTo: dn.regex:^fvl=[^,]+,fvd=[^,]+,ou=virtual,o=mailHosting,dc=fripost,dc=dev$
 #authzTo: ldap:///ou=virtual,o=mailHosting,dc=fripost,dc=dev??sub?(objectClass=FripostVirtualUser)
 # NOTE: ^ This is an expensive operation, and requires search perms for the service.
-- 
cgit v1.2.3