[Date Prev][Date Next]
Re: ppolicy by group
Buchan Milne wrote:
On Thursday 26 June 2008 13:52:05 Michael Ströder wrote:
Let's look at a very simply case: How should a web server which
implements HTTP basic authc implement the user interaction needed? It
simply relies on the browser popping up the login window, nothing else.
What you could do is redirect the user to an error page implemented as
CGI-BIN which makes further checks. You can do that yourself.
But, ideally I would like to send the user to the right page (not a
generic "authorization failed"), in which case I need a different error code
to send them to a suitable error page (which might have a form for them to
change their password etc.).
You could redirect them always to the not-autorized-URL and the CGI-BIN
handler behind that retrys the LDAP bind together with ppolicy control
reacting according to the ppolicy control values in the bind response.
Just a rough idea though...not sure how to reliably pass the
username/password to the not-autorized-URL. Let's think about it...