From 44ab0ecab54dc1989d871af8d8e0bc771aafb94a Mon Sep 17 00:00:00 2001
From: Benjamin Renard <brenard@easter-eggs.com>
Date: Wed, 24 Feb 2021 20:11:50 +0100
Subject: [PATCH] LSexample: add sysaccounts pwdPolicy

---
 lsexample/lsexample.ldif                      | 28 ++++++++++++++++++-
 .../config.LSobjects.LSsysaccount.php         |  4 +++
 2 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/lsexample/lsexample.ldif b/lsexample/lsexample.ldif
index a94515bc..c8a0be34 100644
--- a/lsexample/lsexample.ldif
+++ b/lsexample/lsexample.ldif
@@ -26,6 +26,7 @@ objectClass: top
 objectClass: lssysaccount
 uid: mail
 userPassword: toto
+pwdPolicySubentry: cn=sysaccounts,ou=ppolicies,o=ls
 structuralObjectClass: lssysaccount
 
 dn: uid=samba,ou=sysaccounts,o=ls
@@ -33,6 +34,7 @@ objectClass: top
 objectClass: lssysaccount
 uid: samba
 userPassword: toto
+pwdPolicySubentry: cn=sysaccounts,ou=ppolicies,o=ls
 structuralObjectClass: lssysaccount
 
 dn: uid=ldapsaisie,ou=sysaccounts,o=ls
@@ -40,6 +42,7 @@ objectClass: top
 objectClass: lssysaccount
 uid: ldapsaisie
 userPassword: toto
+pwdPolicySubentry: cn=sysaccounts,ou=ppolicies,o=ls
 structuralObjectClass: lssysaccount
 
 dn: ou=groups,o=ls
@@ -672,7 +675,7 @@ objectclass: pwdPolicyChecker
 pwdAttribute: userPassword
 pwdMinAge: 0
 pwdMaxAge: 0
-pwdInHistory: 0
+pwdInHistory: 3
 pwdCheckQuality: 1
 pwdMinLength: 8
 pwdExpireWarning: 0
@@ -685,3 +688,26 @@ pwdFailureCountInterval: 0
 pwdMustChange: FALSE
 pwdAllowUserChange: FALSE
 pwdSafeModify: FALSE
+
+dn: cn=sysaccounts,ou=ppolicies,o=ls
+cn: sysaccounts
+objectclass: top
+objectclass: device
+objectclass: pwdPolicy
+objectclass: pwdPolicyChecker
+pwdAttribute: userPassword
+pwdMinAge: 0
+pwdMaxAge: 0
+pwdInHistory: 0
+pwdCheckQuality: 1
+pwdMinLength: 10
+pwdExpireWarning: 0
+pwdGraceAuthnLimit: 0
+pwdLockout: FALSE
+pwdLockoutDuration: 0
+pwdMaxFailure: 0
+pwdMaxRecordedFailure: 0
+pwdFailureCountInterval: 0
+pwdMustChange: FALSE
+pwdAllowUserChange: FALSE
+pwdSafeModify: FALSE
diff --git a/src/conf/LSobjects/config.LSobjects.LSsysaccount.php b/src/conf/LSobjects/config.LSobjects.LSsysaccount.php
index b84e169f..0c4108f1 100644
--- a/src/conf/LSobjects/config.LSobjects.LSsysaccount.php
+++ b/src/conf/LSobjects/config.LSobjects.LSsysaccount.php
@@ -187,3 +187,7 @@ $GLOBALS['LSobjects']['LSsysaccount'] = array (
 
   )), // Fin attrs & array_merge()
 );
+
+$GLOBALS['LSobjects']['LSsysaccount']['attrs']['pwdPolicySubentry']['default_value'] = 'cn=sysaccounts,ou=ppolicies,o=ls';
+unset($GLOBALS['LSobjects']['LSsysaccount']['attrs']['pwdPolicySubentry']['form']['create']);
+$GLOBALS['LSobjects']['LSsysaccount']['attrs']['pwdPolicySubentry']['required'] = 1;