From 2eebc22f4619167d5153f5a0be2e418e0e106fda Mon Sep 17 00:00:00 2001
From: Davide Principi <davide.principi@nethesis.it>
Date: Mon, 16 Oct 2023 12:41:48 +0200
Subject: [PATCH] Enforce a default password policy

- Password age min 0, max 180 days
- Check password complexity with ppolicy.so
- Password history length is 12, less than 6 years of passwords
---
 server/usr/local/lib/templates/mdb0.ldif | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/server/usr/local/lib/templates/mdb0.ldif b/server/usr/local/lib/templates/mdb0.ldif
index a21599a..73fb2e3 100644
--- a/server/usr/local/lib/templates/mdb0.ldif
+++ b/server/usr/local/lib/templates/mdb0.ldif
@@ -31,11 +31,11 @@ cn: default
 pwdAttribute: userPassword
 pwdCheckQuality: 2
 pwdMinAge: 0
-pwdMaxAge: 0
+pwdMaxAge: 15552000
 pwdMinLength: 8
-pwdInHistory: 5
+pwdInHistory: 12
 pwdLockout: FALSE
-pwdUseCheckModule: FALSE
+pwdUseCheckModule: TRUE
 pwdCheckModuleArg: default
 pwdExpireWarning: 0