Use password policy overlay in LDAP and configure Stalwart to use it

Pascal Bleser
2025-06-04 11:43:36 +02:00
parent 8df0f5ed75
commit d00fe96128
3 changed files with 33 additions and 3 deletions


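--- /dev/null
+++ b/<PATH-NOT-SHOWN-ON-PAGE>
@@ -0,0 +1,26 @@
+dn: ou=policies,dc=opencloud,dc=eu
+objectClass: organizationalUnit
+objectClass: top
+ou: policies
+dn: cn=default,ou=policies,dc=opencloud,dc=eu
+cn: default
+objectClass: pwdPolicy
+objectClass: person
+objectClass: top
+pwdAllowUserChange: TRUE
+pwdAttribute: userPassword
+pwdCheckQuality: 0
+pwdExpireWarning: 600
+pwdFailureCountInterval: 30
+pwdGraceAuthNLimit: 5
+pwdInHistory: 5
+pwdLockout: FALSE
+pwdLockoutDuration: 0
+pwdMaxAge: 0
+pwdMaxFailure: 5
+pwdMinAge: 0
+pwdMinLength: 1
+pwdMustChange: FALSE
+pwdSafeModify: FALSE
+sn: default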
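Review bot: With `pwdCheckQuality: 0` and `pwdMinLength: 1` this policy accepts any non-empty password, and because `pwdLockout: FALSE` the `pwdMaxFailure: 5` / `pwdFailureCountInterval: 30` settings never lock anything; likewise `pwdExpireWarning: 600` and `pwdGraceAuthNLimit: 5` are inert while `pwdMaxAge: 0` disables expiry. If the entry exists mainly so the overlay maintains `pwdChangedTime` for the mail server, a header comment should say so, e.g. `# Deliberately permissive default policy: no quality, expiry or lockout enforcement; present so the ppolicy overlay maintains pwdChangedTime for downstream consumers`; otherwise raise `pwdMinLength` and set `pwdLockout: TRUE` so the failure settings have an effect. Whether this entry is actually selected as the overlay's default policy is not visible in this file and depends on the overlay configuration elsewhere. The page shows no blank line between the `ou=policies` entry and the `cn=default` entry, which LDIF requires; the hunk's 26-line count suggests one exists in the file, but confirm.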


@@ -19,6 +19,7 @@ directory.ldap.attributes.email-alias = "mailAlias"
directory.ldap.attributes.groups = "memberOf"
directory.ldap.attributes.name = "uid"
directory.ldap.attributes.secret = "userPassword"
directory.ldap.attributes.secret-changed = "pwdChangedTime"
directory.ldap.base-dn = "dc=opencloud,dc=eu"
directory.ldap.bind.auth.dn = "uid=?,ou=users,dc=opencloud,dc=eu"
directory.ldap.bind.auth.enable = true
@@ -29,9 +30,9 @@ directory.ldap.cache.ttl.negative = "10m"
directory.ldap.cache.ttl.positive = "1h"
directory.ldap.filter.email = "(&(|(objectClass=posixAccount)(objectClass=posixGroup))(|(mail=?)(mailAlias=?)(mailList=?)))"
directory.ldap.filter.name = "(&(|(objectClass=posixAccount)(objectClass=posixGroup))(uid=?))"
directory.ldap.timeout = "3s"
directory.ldap.tls.allow-invalid-certs = false
directory.ldap.tls.enable = false
directory.ldap.timeout = "5s"
directory.ldap.tls.allow-invalid-certs = true
directory.ldap.tls.enable = true
directory.ldap.type = "ldap"
directory.ldap.url = "ldap://ldap-server:1389"
metrics.prometheus.auth.secret = "secret"
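Review bot: Assuming the second of each duplicated pair is the new side, `directory.ldap.tls.allow-invalid-certs = true` disables certificate validation, so the TLS that `directory.ldap.tls.enable = true` turns on no longer authenticates `ldap-server` and only protects against a passive observer; an attacker who can redirect traffic to that host could present any certificate and capture the bind credentials. If this is for a self-signed development certificate, record that next to the line, `# dev only: ldap-server uses a self-signed cert; in production trust its CA and set allow-invalid-certs = false`, or better trust the CA now and leave the value at `false`. The `directory.ldap.attributes.secret-changed = "pwdChangedTime"` mapping in the first hunk relies on the ppolicy overlay being active when a password is written, so entries whose `userPassword` predates the overlay will carry no `pwdChangedTime`; how the server treats a missing value is not visible here and worth a comment on that line.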


@@ -39,6 +39,9 @@ services:
LDAP_TLS_KEY_FILE: /opt/bitnami/openldap/share/openldap.key
LDAP_ROOT: "dc=opencloud,dc=eu"
LDAP_ADMIN_PASSWORD: ${LDAP_ADMIN_PASSWORD:-admin}
LDAP_CONFIGURE_PPOLICY: "yes"
LDAP_PPOLICY_USE_LOCKOUT: "no"
LDAP_PPOLICY_HASH_CLEARTEXT: "no"
ports:
- "127.0.0.1:389:1389"
- "127.0.0.1:636:1636"
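Review bot: `LDAP_PPOLICY_HASH_CLEARTEXT: "no"` tells the overlay not to hash cleartext `userPassword` values received through ordinary Modify operations, so unless hashing happens elsewhere (client-side, or via the Password Modify extended operation, neither of which is visible here) cleartext passwords would be stored as-is in the directory. If that is intentional, a comment should record the assumption, e.g. `# ppolicy does not hash: callers are expected to write pre-hashed userPassword values — confirm`; if not, set it to `"yes"`. `LDAP_PPOLICY_USE_LOCKOUT: "no"` is consistent with `pwdLockout: FALSE` in the policy entry, but it leaves the `pwdMaxFailure` setting there purely informational, which is worth stating in a comment so nobody assumes brute-force protection is in place. The enclosing `services:` block starts outside the hunk.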