[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Expired password notification

To: Pierangelo Masarati <ando@sys-net.it>
Subject: Re: Expired password notification
From: Michael Ströder <michael@stroeder.com>
Date: Wed, 16 Jan 2008 17:11:43 +0100
Cc: openldap-technical@openldap.org
In-reply-to: <478E1238.9010200@sys-net.it>
References: <79a0106f0801152308ib705d7eub143f2d9ee39ac92@mail.gmail.com> <478E0153.8080605@stroeder.com> <478E1238.9010200@sys-net.it>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20071128 SeaMonkey/1.1.7

Pierangelo Masarati wrote:

Michael Ströder wrote:

Andris Eiduks wrote:

ldapsearch  with option "-e ppolicy" shows info about necessary
password change.

Is possible to get the same info by BIND operation performing from
other systems side again OpenLDAP?
Or we must create special functions in application for user attributes
checking (pwdChangedTime, pwdGraceUseTime) and notification generation ?

The client applications have to support this as well by using the
password policy extended control with the bind request. Basically that's
what ldapsearch is doing when you use it with "-e ppolicy".

See also doc/drafts/draft-behera-ldap-password-policy-xx.txt in
OpenLDAP's source distribution.

Another approach could be to inform users via e-mail.

But what if users don't read emails until password expiration?


Damn! ;-)

Seriously: Discussing this to the end is beyond a short posting.

Ciao, Michael.

Follow-Ups:
- Re: Expired password notification
  - From: Pierangelo Masarati <ando@sys-net.it>

References:
- Expired password notification
  - From: "Andris Eiduks" <aeiduks@gmail.com>
- Re: Expired password notification
  - From: Michael Ströder <michael@stroeder.com>
- Re: Expired password notification
  - From: Pierangelo Masarati <ando@sys-net.it>

Prev by Date: Re: how to change attribute display order
Next by Date: Re: Expired password notification
Index(es):
- Chronological
- Thread