
Re: password expiration & locking



>I am developing a web-based application, and will have the user 
>memorized in an openldap server.
>1) I will need to manage password aging & expiration (user must change 
>password every 90 days for security reasons).
>2) I will also need to manage user locking/unlocking by an administrator.
>I would like to know how you usually manage these things!!!

shadowAccount (usually related to posix shadow passwords) has attributes
for expiry, last change, etc...
 
>For 1) I thought to memorize in a new attribute the password change 
>date, and check every time the user tries to enter that no more than 
>90 days have passed.
>For 2) I thought to memorize in a new attribute if the login is locked, 
>and check it every time the user tries to log in.
>I thought to use the object class inetorgperson as a base for the "user 
>schema".

Makes sense, but why not use one of the *Account objectclasses, since it
sounds like you're talking about accounts?
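
An added example, not part of the original thread: one way a web application could evaluate the shadowAccount attributes (RFC 2307 names shadowLastChange, shadowMax, shadowWarning, shadowExpire) at login to apply the 90-day rule and an administrator lock. The lock convention (shadowExpire set to a past day), the 7-day warning default and the fail-closed handling of missing values are assumptions of this sketch, as are the function and sample names.

```python
from datetime import date

EPOCH = date(1970, 1, 1)

def days_since_epoch(d):
    """shadowAccount dates are stored as whole days since 1970-01-01."""
    return (d - EPOCH).days

def int_attr(entry, name):
    """First value of an attribute as int; None if absent or not a number."""
    try:
        return int(entry[name][0])
    except (KeyError, IndexError, ValueError, TypeError):
        return None

def account_status(entry, today, policy_max=90, policy_warn=7):
    """Classify a login attempt; anything unknown fails closed."""
    now = days_since_epoch(today)
    expire = int_attr(entry, "shadowExpire")
    # Assumed convention: the administrator locks an account by setting
    # shadowExpire to a day in the past (1), and unlocks by deleting it.
    if expire is not None and 0 < expire <= now:
        return "locked"
    last = int_attr(entry, "shadowLastChange")
    if last is None or last <= 0 or last > now:
        return "must_change"          # never set, forced change, or bogus date
    max_days = int_attr(entry, "shadowMax")
    if max_days is None or max_days < 0 or max_days > policy_max:
        max_days = policy_max         # the entry may tighten the policy, not relax it
    warn = int_attr(entry, "shadowWarning")
    if warn is None or warn < 0:
        warn = policy_warn
    age = now - last
    if age > max_days:
        return "password_expired"
    if max_days - age <= warn:
        return "expiring_soon"
    return "ok"

# Constructed sample entries, shaped like python-ldap search results.
TODAY = date(2024, 6, 1)
NOW = days_since_epoch(TODAY)
SAMPLES = {
    "alice": {"shadowLastChange": [str(NOW - 10).encode()], "shadowMax": [b"90"]},
    "bob": {"shadowLastChange": [str(NOW - 91).encode()], "shadowMax": [b"90"]},
    "carol": {"shadowLastChange": [str(NOW - 10).encode()], "shadowExpire": [b"1"]},
}

if __name__ == "__main__":
    for uid, entry in SAMPLES.items():
        print(uid, account_status(entry, TODAY))
```

The application has to run this check itself after a successful bind, and shadowLastChange has to be updated whenever the password is changed, otherwise the age never resets.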