def create_subtree_policy(inst, basedn, log, args):
    """Create a subtree password policy from parsed command-line arguments.

    Args:
        inst: Directory server instance handed to PwPolicyManager.
        basedn: Not used in this function.
        log: Parent logger; a child logger named after this function is
            derived from it.
        args: Parsed arguments; ``args.DN[0]`` is the entry that receives
            the policy, and the remaining options become policy attributes.
    """
    log = log.getChild('create_subtree_policy')

    manager = PwPolicyManager(inst)
    # Map CLI option names to LDAP attribute names using the manager's own
    # table. NOTE(review): no value validation is visible here; presumably
    # _args_to_attrs or the server enforces it -- confirm before relying on it.
    policy_attrs = _args_to_attrs(args, manager.arg_to_attr)
    target_dn = args.DN[0]
    manager.create_subtree_policy(target_dn, policy_attrs)

    print('Successfully created subtree password policy')
def password_policy(topology_st, create_user):
    """Create an empty subtree policy on OU_PEOPLE and an empty user policy
    on TEST_USER_DN.

    Both policies are created from the same empty property dict, so every
    password setting is whatever the manager or server applies by default.
    ``create_user`` is not referenced in the body; presumably it is listed
    only so the user exists before the policy is attached -- confirm.
    """
    manager = PwPolicyManager(topology_st.standalone)
    # One dict object is shared by both calls, exactly as callers expect.
    empty_props = {}

    log.info('Create password policy for subtree {}'.format(OU_PEOPLE))
    manager.create_subtree_policy(OU_PEOPLE, empty_props)

    log.info('Create password policy for user {}'.format(TEST_USER_DN))
    manager.create_user_policy(TEST_USER_DN, empty_props)
def add_ldapsubentry(server, parent):
    """Create a subtree password policy under *parent* with fixed settings.

    Args:
        server: Directory server instance handed to PwPolicyManager.
        parent: DN of the subtree that receives the policy.
    """
    manager = PwPolicyManager(server)

    # Syntax checking and a six-entry history are enabled; expiry and forced
    # change are off. 'ssha' is salted SHA-1, a legacy storage scheme: fine
    # for exercising the feature, not a value to copy into a deployment.
    subtree_props = dict(
        passwordStorageScheme='ssha',
        passwordCheckSyntax='on',
        passwordInHistory='6',
        passwordChange='on',
        passwordMinAge='0',
        passwordExp='off',
        passwordMustChange='off',
    )

    log.info('Create password policy for subtree {}'.format(parent))
    manager.create_subtree_policy(parent, subtree_props)
def _create_pwp(topo, instance):
    """Create a subtree password policy on *instance* and populate it.

    The policy is first created with no properties, then each attribute
    below is added to the returned policy entry one at a time, in order.

    Args:
        topo: Topology object; its ``standalone`` server is used.
        instance: DN of the subtree that receives the policy.

    Returns:
        The policy entry returned by ``create_subtree_policy``.
    """
    # These values deliberately relax the policy: 'CLEAR' stores passwords
    # unhashed, and lockout, syntax checking and history are switched off.
    # NOTE(review): looks like settings for a throwaway test instance --
    # confirm they never reach a server holding real credentials.
    settings = (
        ('passwordexp', 'off'),
        ('passwordchange', 'off'),
        ('passwordmustchange', 'off'),
        ('passwordchecksyntax', 'off'),
        ('passwordinhistory', '6'),
        ('passwordhistory', 'off'),
        ('passwordlockout', 'off'),
        ('passwordlockoutduration', '3600'),
        ('passwordmaxage', '8640000'),
        ('passwordmaxfailure', '3'),
        ('passwordminage', '0'),
        ('passwordminlength', '6'),
        ('passwordresetfailurecount', '600'),
        ('passwordunlock', 'on'),
        ('passwordStorageScheme', 'CLEAR'),
        ('passwordwarning', '86400'),
    )

    manager = PwPolicyManager(topo.standalone)
    local_policy = manager.create_subtree_policy(instance, {})
    for name, setting in settings:
        local_policy.add(name, setting)
    return local_policy
def password_policy(topology_st, create_user):
    """Create a fine-grained subtree policy on OU_PEOPLE, then check config.

    The subtree policy sets no password syntax attribute. After creating
    it, two attributes are checked against 'off' through check_attr_val:
    ATTR_INHERIT_GLOBAL and ATTR_CHECK_SYNTAX.

    Note: do not touch nsslapd-pwpolicy-inherit-global -- off by default.

    NOTE(review): the earlier description also said a global policy is set
    here; no such step is visible in this function -- confirm where it
    happens.
    """
    server = topology_st.standalone

    log.info('Enable fine-grained policy')
    manager = PwPolicyManager(server)
    # No expiry, no forced change, and users may not change their own
    # password; 'ssha' (salted SHA-1) is a legacy storage scheme.
    subtree_props = dict(
        passwordMustChange='off',
        passwordExp='off',
        passwordMinAge='0',
        passwordChange='off',
        passwordStorageScheme='ssha',
    )
    manager.create_subtree_policy(OU_PEOPLE, subtree_props)

    # Both settings are expected to still be 'off' once the local policy
    # exists.
    for attr_name in (ATTR_INHERIT_GLOBAL, ATTR_CHECK_SYNTAX):
        check_attr_val(server, attr_name, 'off')
def _create_local_pwp(topo, instance):
    """Create a local subtree policy on *instance* with temporary-password
    settings.

    The policy is created empty, then the must-change flag and the three
    passwordTPR* attributes are added to the returned entry in order.

    Args:
        topo: Topology object; its ``standalone`` server is used.
        instance: DN of the subtree that receives the policy.

    Returns:
        The policy entry returned by ``create_subtree_policy``.
    """
    tpr_settings = (
        ('pwdmustchange', 'on'),
        ('passwordTPRMaxUse', '3'),
        ('passwordTPRDelayExpireAt', '1800'),
        ('passwordTPRDelayValidFrom', '5'),
    )

    manager = PwPolicyManager(topo.standalone)
    local_policy = manager.create_subtree_policy(instance, {})
    for name, setting in tpr_settings:
        local_policy.add(name, setting)

    # Logged after the attributes are in place, despite the 'Creating' wording.
    log.info('Creating local policies for subtree {}'.format(instance))
    return local_policy