From 1abb0423856648908a75945bdc96f82933b81190 Mon Sep 17 00:00:00 2001
From: Sami El-Daher
Date: Mon, 30 Oct 2023 15:16:35 +0000
Subject: [PATCH] Add ppolicy overlay
---
README.md | 2 +-
bootstrap/config/ppolicy.ldif | 14 ++++++++++++++
bootstrap/data/10_people_bender.ldif | 1 +
bootstrap/data/50_ppolicies.ldif | 5 +++++
bootstrap/data/60_ppolicy_default.ldif | 19 +++++++++++++++++++
bootstrap/data/60_ppolicy_robot.ldif | 19 +++++++++++++++++++
bootstrap/slapd-init.sh | 6 ++++++
7 files changed, 65 insertions(+), 1 deletion(-)
create mode 100644 bootstrap/config/ppolicy.ldif
create mode 100644 bootstrap/data/50_ppolicies.ldif
create mode 100644 bootstrap/data/60_ppolicy_default.ldif
create mode 100644 bootstrap/data/60_ppolicy_robot.ldif
diff --git a/README.md b/README.md
index 20bdeee..c7776e5 100644
--- a/README.md
+++ b/README.md
@@ -48,7 +48,7 @@ $ docker build -t openldap .
 ```
 The result will be a Docker image built for the local system's architecture
-and stroed in the local Docker image list. Running said image would look like:
+and stored in the local Docker image list. Running said image would look like:
 ```sh
 $ docker run --rm -it -p 1389:389 openldap
diff --git a/bootstrap/config/ppolicy.ldif b/bootstrap/config/ppolicy.ldif
new file mode 100644
index 0000000..5cbd46a
--- /dev/null
+++ b/bootstrap/config/ppolicy.ldif
@@ -0,0 +1,14 @@
+# Load ppolicy module
+dn: cn=module{0},cn=config
+changetype: modify
+add: olcModuleLoad
+olcModuleLoad: ppolicy
+
+# Backend ppolicy overlay
+dn: olcOverlay={2}ppolicy,olcDatabase={1}mdb,cn=config
+changetype: add
+objectClass: olcOverlayConfig
+objectClass: olcPPolicyConfig
+olcOverlay: {2}ppolicy
+olcPPolicyDefault: cn=default,ou=ppolicies,dc=planetexpress,dc=com
+olcPPolicyHashCleartext: TRUE
diff --git a/bootstrap/data/10_people_bender.ldif b/bootstrap/data/10_people_bender.ldif
index 3bd9596..7eefbc5 100644
--- a/bootstrap/data/10_people_bender.ldif
+++ b/bootstrap/data/10_people_bender.ldif
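Review bot: `olcPPolicyHashCleartext: TRUE` on the last line of ppolicy.ldif needs a why-comment, because slapo-ppolicy(5) documents it as a deliberate deviation from the LDAP information model (userPassword is meant to be stored exactly as the client sent it) that exists to compensate for clients that do not use the Password Modify extended operation. It also only acts on cleartext values: a client that writes an already-hashed value, like the `{ssha}` one loaded for bender in this same patch, stores it verbatim, so this setting is not a guarantee that every stored password went through the server's hashing. I would add `# Hash cleartext userPassword values written via plain Modify (slapo-ppolicy(5): non-standard, for clients that skip the Password Modify exop); pre-hashed values are stored as-is`. Separately, the hard-coded `{2}` index assumes exactly two overlays already sit on `olcDatabase={1}mdb`; a comment naming them (slapd-init.sh configures memberof right before this) would make that ordering assumption visible to whoever adds the next overlay.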
@@ -492,4 +492,5 @@ ou: Delivering Crew
 uid: bender
 userPassword:: e3NzaGF9amxCTnNmVVdKK0tIWHprRFVuYTJSSTBjK09PNmlGdzAxZHd3K3c9P
 Q==
+pwdPolicySubentry: cn=robot,ou=ppolicies,dc=planetexpress,dc=com
diff --git a/bootstrap/data/50_ppolicies.ldif b/bootstrap/data/50_ppolicies.ldif
new file mode 100644
index 0000000..2029de2
--- /dev/null
+++ b/bootstrap/data/50_ppolicies.ldif
@@ -0,0 +1,5 @@
+dn: ou=ppolicies,dc=planetexpress,dc=com
+objectClass: top
+objectClass: organizationalUnit
+description: Password policies
+ou: ppolicies
diff --git a/bootstrap/data/60_ppolicy_default.ldif b/bootstrap/data/60_ppolicy_default.ldif
new file mode 100644
index 0000000..3a09ddc
--- /dev/null
+++ b/bootstrap/data/60_ppolicy_default.ldif
@@ -0,0 +1,19 @@
+dn: cn=default,ou=ppolicies,dc=planetexpress,dc=com
+objectClass: pwdPolicy
+objectClass: organizationalRole
+cn: default
+pwdAttribute: userPassword
+pwdAllowUserChange: TRUE
+pwdCheckQuality: 1
+pwdExpireWarning: 0
+pwdFailureCountInterval: 0
+pwdGraceAuthNLimit: 0
+pwdInHistory: 0
+pwdLockout: FALSE
+pwdLockoutDuration: 0
+pwdMaxAge: 0
+pwdMaxFailure: 0
+pwdMinAge: 0
+pwdMinLength: 0
+pwdMustChange: FALSE
+pwdSafeModify: FALSE
diff --git a/bootstrap/data/60_ppolicy_robot.ldif b/bootstrap/data/60_ppolicy_robot.ldif
new file mode 100644
index 0000000..099310e
--- /dev/null
+++ b/bootstrap/data/60_ppolicy_robot.ldif
@@ -0,0 +1,19 @@
+dn: cn=robot,ou=ppolicies,dc=planetexpress,dc=com
+objectClass: pwdPolicy
+objectClass: organizationalRole
+cn: robot
+pwdAttribute: userPassword
+pwdAllowUserChange: TRUE
+pwdCheckQuality: 1
+pwdExpireWarning: 1001
+pwdFailureCountInterval: 0
+pwdGraceAuthNLimit: 0
+pwdInHistory: 0
+pwdLockout: FALSE
+pwdLockoutDuration: 0
+pwdMaxAge: 1000
+pwdMaxFailure: 0
+pwdMinAge: 0
+pwdMinLength: 0
+pwdMustChange: TRUE
+pwdSafeModify: FALSE
diff --git a/bootstrap/slapd-init.sh b/bootstrap/slapd-init.sh
index da2cf65..c3db311 100644
--- a/bootstrap/slapd-init.sh
+++ b/bootstrap/slapd-init.sh
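Review bot: The added `pwdPolicySubentry` points at `cn=robot,ou=ppolicies,dc=planetexpress,dc=com`, an entry that does not exist yet when this file is loaded: load_initial_data in slapd-init.sh sorts the data files, so 10_people_bender.ldif is added before 50_ppolicies.ldif and 60_ppolicy_robot.ldif. slapd does not verify that a DN-valued attribute resolves, and as far as I recall slapo-ppolicy falls back to the default policy when the referenced subentry cannot be read, so a typo in this DN would fail open (bender quietly gets the permissive default policy) instead of failing the bootstrap. A comment tying the two files together makes that dependency visible: `# Policy entry is created later by 60_ppolicy_robot.ldif; ppolicy silently falls back to the default policy if this DN does not resolve`. The bender entry begins before this hunk.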
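Review bot: The `cn=default` policy, which ppolicy.ldif names as the fallback for every entry without a `pwdPolicySubentry`, enforces nothing: `pwdLockout: FALSE`, `pwdMaxFailure: 0`, `pwdMinLength: 0`, `pwdMaxAge: 0` and `pwdInHistory: 0` each disable their respective check, and `pwdCheckQuality: 1` with no `pwdCheckModule` configured leaves, as far as slapo-ppolicy(5) describes it, essentially only the minimum-length check, which is 0 here. If that permissiveness is deliberate for a test fixture the file should say so, because a reader will otherwise assume brute-force lockout is in place once they see the overlay loaded; if it is not deliberate, this is the entry where `pwdLockout`, `pwdMaxFailure` and `pwdMinLength` belong. I would open the file with `# Intentionally permissive default: test fixture, no lockout, length or expiry constraints are enforced`.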
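Review bot: `pwdExpireWarning: 1001` in the robot policy is larger than `pwdMaxAge: 1000`, which contradicts slapo-ppolicy(5): a non-zero pwdExpireWarning must be smaller than pwdMaxAge, so as written the "warning" window would span the password's whole lifetime, if slapd accepts the value at all. Either disable the warning with `pwdExpireWarning: 0` or set it below the maximum age, e.g. `pwdExpireWarning: 900`. It is also worth spelling out what this policy does to bender, who is pinned to it in 10_people_bender.ldif: with `pwdMaxAge: 1000` and `pwdGraceAuthNLimit: 0`, binds as bender stop working roughly 17 minutes after the password is set, with no grace logins, so if this is the intended "expired robot password" fixture a header comment such as `# Deliberately short-lived: password expires 1000 s after it is set, no grace binds` would stop the next person from "fixing" it.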
@@ -91,6 +91,11 @@ configure_memberof_overlay(){
 ldapmodify -Y EXTERNAL -H ldapi:/// -f ${CONFIG_DIR}/memberof.ldif -Q
 }
+configure_ppolicy_overlay(){
+ echo "Configure ppolicy overlay..."
+ ldapmodify -Y EXTERNAL -H ldapi:/// -f ${CONFIG_DIR}/ppolicy.ldif -Q
+}
+
 load_initial_data() {
 echo "Load data..."
 local data=$(find ${DATA_DIR} -maxdepth 1 -name \*_\*.ldif -type f | sort)
@@ -125,6 +130,7 @@ configure_msad_features
 configure_tls
 configure_logging
 configure_memberof_overlay
+configure_ppolicy_overlay
 load_initial_data
 kill -INT `cat /run/slapd/slapd.pid`
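Review bot: The `ldapmodify` in the new `configure_ppolicy_overlay` does not check its exit status (it mirrors the memberof function just above), so unless `set -e` is in force somewhere above the hunk, a rejected ppolicy.ldif — module already loaded, `{2}` index clash, a typo — only prints an error and the script goes on to load_initial_data, which then adds entries carrying `pwdPolicySubentry` values that no overlay enforces; that is a silent loss of the password policy rather than a failed bootstrap. The `${CONFIG_DIR}` expansion is also unquoted. I would write the call as `ldapmodify -Y EXTERNAL -H ldapi:/// -f "${CONFIG_DIR}/ppolicy.ldif" -Q || { echo "ppolicy overlay configuration failed" >&2; exit 1; }`, and apply the same to the memberof call while here. `load_initial_data` continues past the end of the hunk.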