[Date Prev][Date Next]
Re: Implementation for expired password, retry limits and inactive user.
Fernando Ramírez Sánchez wrote:
I want to use OpenLDAP to build a LDAP Server to autheticate users
from web and windows applications.
I need to work with the next login features:
* Expired Password.
* Retry limits
* Active / inactive users
I think to define a new class to add these attributes.
I need that ldap_bind returns false if user is inactive, his password
is expired or number of bad logins exceeds a value.
Can someone point me the way to implement these features?
These features are supported by the ppolicy (Password Policy) overlay in
OpenLDAP 2.3. You can read the manpage slapo-ppolicy(5) for further
information. This module is a work-in-progress, as the specification it
is based on has not been finalized. Keeping in mind that the code and
schema are subject to change at any time, it works well in its current
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support