[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Howto time expires an Openldap account ?

To: LABICHE Alexandre <alexandrelabiche@hotmail.com>
Subject: Re: Howto time expires an Openldap account ?
From: Howard Chu <hyc@symas.com>
Date: Tue, 05 Sep 2006 13:24:28 -0700
Cc: ando@sys-net.it, openldap-software@OpenLDAP.org
In-reply-to: <BAY106-F31EA7BA364D3B41DB3DFDECB300@phx.gbl>
References: <BAY106-F31EA7BA364D3B41DB3DFDECB300@phx.gbl>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060823 Netscape/7.2 (ax) Firefox/1.5 SeaMonkey/1.5a

LABICHE Alexandre wrote:

Hello Pierangelo,
Thanks for your quick reply and your perfect analyse.
To explain what I use in ppolicy is to lock an account at a specific time. Exactly the account is locked because user doesn't change his password after a graceful period. But if he changes his password before graceful period , his account is OK for a new period.

So if want to lock an account I must block the "change password" for users. That's what I think.

It's not really a expiredtime account and our internal policy wants users change their passwords.


This is what the ppolicy pwdMaxAge policy setting is for.

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/

References:
- Re: Howto time expires an Openldap account ?
  - From: "LABICHE Alexandre" <alexandrelabiche@hotmail.com>

Prev by Date: Re: Howto time expires an Openldap account ?
Next by Date: LDAP/TLS/389 works, LDAP/SSL/636 does not...
Index(es):
- Chronological
- Thread