[Date Prev][Date Next]
Re: password expiration & locking
>I am developing a web based application, and will have the user
>memorized in an openldap server.
>1)I will need to manager password aging & expiration (User must change
>password every 90 days for security reason).
>2)I will also need to manager user locking/unlocking by and administrator.
>I wuold like to know how do you usually manage this things!!!
shadowAccount (usually related to posix shadow passwords) has attributes
for expiry, last change, etc...
>For 1) I thought to memorize in a new attribute the password date
>change, and check every time the user try to enter that it is not passed
>more than 90 days
>For 2) I thought to memorize in a new attribute if the login in locked,
>and check it every time the user try to login.
>I thought to use the object class inetorgperson as a base for the "user
Makes sense, but why not use one of the *Account objectclasses, since it
sounds like your talking about accounts.