[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Expired password notification

To: Andris Eiduks <aeiduks@gmail.com>
Subject: Re: Expired password notification
From: Michael Ströder <michael@stroeder.com>
Date: Wed, 16 Jan 2008 14:06:27 +0100
Cc: openldap-technical@openldap.org
In-reply-to: <79a0106f0801152308ib705d7eub143f2d9ee39ac92@mail.gmail.com>
References: <79a0106f0801152308ib705d7eub143f2d9ee39ac92@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20071128 SeaMonkey/1.1.7

Andris Eiduks wrote:

ldapsearch with option "-e ppolicy" shows info about necessary password change.

Is possible to get the same info by BIND operation performing from other systems side again OpenLDAP? Or we must create special functions in application for user attributes checking (pwdChangedTime, pwdGraceUseTime) and notification generation ?

The client applications have to support this as well by using the password policy extended control with the bind request. Basically that's what ldapsearch is doing when you use it with "-e ppolicy".

See also doc/drafts/draft-behera-ldap-password-policy-xx.txt in OpenLDAP's source distribution.

Another approach could be to inform users via e-mail.

Ciao, Michael.

Follow-Ups:
- Re: Expired password notification
  - From: Pierangelo Masarati <ando@sys-net.it>

References:
- Expired password notification
  - From: "Andris Eiduks" <aeiduks@gmail.com>

Prev by Date: Re: Subtree renames and memberOf handling
Next by Date: Re: Expired password notification
Index(es):
- Chronological
- Thread