
Re: Implementation for expired password, retry limits and inactive user.

Fernando Ramírez Sánchez wrote:

Hi all,

I want to use OpenLDAP to build an LDAP server to authenticate users from web and Windows applications.
I need to work with the following login features:
* Expired Password.
* Retry limits
* Active / inactive users
I am thinking of defining a new class to add these attributes.
I need ldap_bind to return false if the user is inactive, his password is expired, or the number of bad logins exceeds a value.

Can someone point me to a way to implement these features?

These features are supported by the ppolicy (Password Policy) overlay in OpenLDAP 2.3. You can read the manpage slapo-ppolicy(5) for further information. This module is a work-in-progress, as the specification it is based on has not been finalized. Keeping in mind that the code and schema are subject to change at any time, it works well in its current state.

 -- Howard Chu
 Chief Architect, Symas Corp.       Director, Highland Sun
 http://www.symas.com               http://highlandsun.com/hyc
 Symas: Premier OpenSource Development and Support
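
An added example, not part of the original reply and not OpenLDAP's own documentation: a default policy for the ppolicy overlay that maps the three requested features onto policy attributes, plus a change record that deactivates one user. The suffix dc=example,dc=com, the entry names, the schema path and every numeric value are assumptions; attribute names follow slapo-ppolicy(5) and should be checked against the installed version, since the reply notes the schema may change.

```ldif
# Assumed slapd.conf lines for the database (path and DN are placeholders):
#   include         /etc/openldap/schema/ppolicy.schema
#   overlay         ppolicy
#   ppolicy_default "cn=default,ou=policies,dc=example,dc=com"

dn: ou=policies,dc=example,dc=com
changetype: add
objectClass: organizationalUnit
ou: policies

# Default policy, applied to every entry without its own pwdPolicySubentry.
dn: cn=default,ou=policies,dc=example,dc=com
changetype: add
objectClass: top
objectClass: person
objectClass: pwdPolicy
cn: default
sn: default
pwdAttribute: userPassword
# Expired password: a password older than 90 days (in seconds) is expired.
pwdMaxAge: 7776000
# No grace binds after expiry, so the bind fails instead of succeeding
# with a warning.
pwdGraceAuthNLimit: 0
# Retry limits: lock the account after 5 consecutive failed binds.
pwdLockout: TRUE
pwdMaxFailure: 5
# Forget recorded failures after 10 minutes without a new one.
pwdFailureCountInterval: 600
# 0 keeps the account locked until an administrator clears
# pwdAccountLockedTime; a positive value unlocks after that many seconds.
pwdLockoutDuration: 0

# Inactive user: in the password policy draft the overlay implements,
# this timestamp marks a permanent lock that only an administrator can
# remove. The user DN is a constructed sample.
dn: uid=jdoe,ou=people,dc=example,dc=com
changetype: modify
add: pwdAccountLockedTime
pwdAccountLockedTime: 000001010000Z
```

With this policy in place the server itself refuses the bind in all three cases, so web and Windows clients need no extra logic beyond checking the bind result. Reactivating the user means deleting pwdAccountLockedTime from the entry as an administrator.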