
Re[2]: password expiration & locking



Hello Adam,

Using shadow passwords, if I change the password using an LDAP
API, do I have "attributes for expiry, last change....." updated
automatically, or do I have to update them manually? Is there a
way to have them automatically updated?

Regards,
        Max

PS
I will access OpenLDAP from Perl and probably from an ASP web site
(probably using ADSI).

Thursday, October 31, 2002, 12:33:29 PM, you wrote:

>>I am developing a web based application, and will have the user
>>memorized in an openldap server.
>>1) I will need to manage password aging & expiration (User must change
>>password every 90 days for security reasons).
>>2) I will also need to manage user locking/unlocking by an administrator.
>>I would like to know how you usually manage these things!!!

AW> shadowAccount (usually related to posix shadow passwords) has attributes
AW> for expiry, last change, etc...
 
>>For 1) I thought to memorize in a new attribute the password change
>>date, and check every time the user tries to enter that not more than
>>90 days have passed.
>>For 2) I thought to memorize in a new attribute if the login is locked,
>>and check it every time the user tries to log in.
>>I thought to use the object class inetorgperson as a base for the "user
>>schema".

AW> Makes sense, but why not use one of the *Account objectclasses, since it
AW> sounds like you're talking about accounts.



-- 
Best regards,
 Max                            mailto:Max_Ma@gmx.net
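
The aging and locking checks discussed in this thread, as an added example that is not part of the original messages. It assumes the application enforces the policy itself from the shadowAccount attributes (shadowLastChange, shadowMax, shadowWarning, shadowExpire, counted in days since 1970-01-01 as in shadow(5)), treats a shadowExpire day that has been reached as the administrator lock, and writes shadowLastChange in the same modify as the new password; the function names and sample entries are constructed.

```python
import time

SECONDS_PER_DAY = 86400

def days_since_epoch(now=None):
    """shadowAccount dates are whole days since 1970-01-01 (UTC)."""
    return int((time.time() if now is None else now) // SECONDS_PER_DAY)

def _int_attr(entry, name):
    """Integer value of an attribute, or None if absent or negative (unset)."""
    values = entry.get(name) or []
    if not values:
        return None
    value = int(values[0])
    return None if value < 0 else value

def account_state(entry, today):
    """Classify an LDAP entry as 'locked', 'expired', 'warn' or 'ok'."""
    expire = _int_attr(entry, "shadowExpire")
    if expire is not None and today >= expire:
        return "locked"      # assumption: admin locks by setting a reached expiry day
    max_age = _int_attr(entry, "shadowMax")
    if max_age is None:
        return "ok"          # no aging policy stored on this entry
    last = _int_attr(entry, "shadowLastChange")
    if last is None or last == 0:
        return "expired"     # never changed, or a change was forced
    age = today - last
    if age > max_age:
        return "expired"     # e.g. more than 90 days since the last change
    warn = _int_attr(entry, "shadowWarning")
    if warn is not None and max_age - age <= warn:
        return "warn"        # still valid, but inside the warning window
    return "ok"

def password_change_attrs(new_password_value, today):
    """Attributes to replace together when the application changes a password."""
    return {"userPassword": [new_password_value],
            "shadowLastChange": [str(today)]}

# Constructed sample data: attribute name -> list of string values.
TODAY = 12000
SAMPLE = {
    "fresh":  {"shadowLastChange": ["11990"], "shadowMax": ["90"], "shadowWarning": ["7"]},
    "near":   {"shadowLastChange": ["11915"], "shadowMax": ["90"], "shadowWarning": ["7"]},
    "stale":  {"shadowLastChange": ["11900"], "shadowMax": ["90"]},
    "locked": {"shadowLastChange": ["11990"], "shadowMax": ["90"], "shadowExpire": ["11999"]},
}
```

Run `account_state` after a successful bind, so a locked or expired account is refused even when the password is correct.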