[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: response controls

To: openldap-technical@openldap.org
Subject: Re: response controls
From: Francesco Malvezzi <francesco.malvezzi@unimore.it>
Date: Tue, 15 Apr 2014 13:24:05 +0200
In-reply-to: <BA75E396869C8E449C4FA7E16B48B4330377BBD6@pi-cs-002.AD.portinfolink.com>
References: <BA75E396869C8E449C4FA7E16B48B4330377BBD6@pi-cs-002.AD.portinfolink.com>
Unimore-x-sa-score: -1.2
User-agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.4.0

Il 15/04/2014 12:02, Huub Sepers ha scritto:
> Hi,
> 
>  
> 
> We use openLdap as our user identity store for our SSO solution which is
> openAM.
> 
>  
> 
> We want to implement a password expiration strategy.
> 
> Therefore we have to configure openLdap to return a signal for events
> like:
> 
> -          password about to expire
> 
> -          password expired
> 
> -          ....
> 
>  
> 
> The openAM code (java) anticipates "controls" for this purpose.
> 
>  
> 
> Questions:
> 
> -          How to configure openLdap to return a control when a password
> is about to expire.
> 
> -          Which java Ldap api should be used to process such a control.

Not sure at all about answering to the correct question, but
ldaptive.org java ldap toolset handles fine openldap's ppolicy, for
example: just drop ldaptive jar in shibboleth and your IdP warns users
whether password is expired (in opposite to wrong password)

greetings,

Francesco

References:
- response controls
  - From: Huub Sepers <h.sepers@portbase.com>

Prev by Date: Re: response controls
Next by Date: attribute for storing SSH RSA host keys
Index(es):
- Chronological
- Thread