root@instance-1:~# docker run -d -p 389:389 -p 639:639 --restart always --name openldap-server --hostname shileizcc.com -e LDAP_DOMAIN=shileizcc.com -e LDAP_ADMIN_PASSWORD=shileizcc -v /data/openldap/ldap:/var/lib/ldap -v /data/openldap/slapd.d:/etc/openldap/slapd.d -v /data/openldap/certs:/container/service/slapd/certs slzcc/openldap:0.1.3 Unable to find image 'slzcc/openldap:0.1.3' locally 0.1.3: Pulling from slzcc/openldap 469cfcc7a4b3: Pull complete 9ddffa63e65d: Pull complete d60f5d4dd50f: Pull complete c67bbccff888: Pull complete 4a98b8cb9b24: Pull complete e2f8b8337343: Pull complete ec7f968af05f: Pull complete 423cf4e1f9b6: Pull complete 4a974c9df11c: Pull complete 81bd56e4402f: Pull complete 683c90f78990: Pull complete Digest: sha256:b210c61f0cb1eb280330c50dc803d8f991a7b63a9aaa05b2de354fa0af07f794 Status: Downloaded newer image for slzcc/openldap:0.1.3 c0bb33040ec49b38186b1d096daeb46975e1b0bcc437279fe520eb1882b358e3 root@instance-1:~# docker exec -it openldap-server bash [root@shileizcc /]# ls /usr/lib64/openldap/ppolicy.la /usr/lib64/openldap/ppolicy.la [root@shileizcc /]# cat << EOF | ldapadd -Y EXTERNAL -H ldapi:/// > dn: cn=module{0},cn=config > changetype: modify > add: olcModuleLoad > olcModuleLoad: {2}ppolicy.la > EOF SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 modifying entry "cn=module{0},cn=config" [root@shileizcc /]# cat << EOF | ldapadd -Y EXTERNAL -H ldapi:/// > dn: olcOverlay=ppolicy,olcDatabase={2}hdb,cn=config > changetype: add > objectClass: olcOverlayConfig > objectClass: olcPPolicyConfig > olcOverlay: ppolicy > olcPPolicyDefault: cn=default,ou=pwpolicies,dc=shileizcc,dc=com > olcPPolicyHashCleartext: TRUE > olcPPolicyUseLockout: TRUE > EOF SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 adding new entry "olcOverlay=ppolicy,olcDatabase={2}hdb,cn=config" [root@shileizcc /]# cat << EOF | ldapadd -x -D "cn=admin,dc=shileizcc,dc=com" -w shileizcc -H ldap://shileizcc.com > dn: ou=pwpolicies,dc=shileizcc,dc=com > ou: pwpolicies > objectClass: organizationalUnit > EOF adding new entry "ou=pwpolicies,dc=shileizcc,dc=com" [root@shileizcc /]# cat << EOF | ldapadd -x -D "cn=admin,dc=shileizcc,dc=com" -w shileizcc -H ldap://shileizcc.com > dn: cn=default,ou=pwpolicies,dc=shileizcc,dc=com > cn: default > objectClass: pwdPolicy > objectClass: person > pwdAllowUserChange: TRUE > pwdAttribute: userPassword > pwdExpireWarning: 259200 > pwdFailureCountInterval: 0 > pwdGraceAuthNLimit: 5 > pwdInHistory: 5 > pwdLockout: TRUE > pwdLockoutDuration: 300 > pwdMaxAge: 2592000 > pwdMaxFailure: 5 > pwdMinAge: 0 > pwdMinLength: 8 > pwdMustChange: TRUE > pwdSafeModify: TRUE > sn: dummy value > EOF adding new entry "cn=default,ou=pwpolicies,dc=shileizcc,dc=com"