[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re[2]: password expiration & locking
Hello Adam,
Using shadow password, If I change the password using an LDAP
API, do I have "attributes for expiry, last change....." updated
automatically, or do I have to update them manually? Are there a
way to have them automatically updated?
Regards,
Max
PS
I will access OpenLDAP from perl and probably from an asp web site
(probably using ADSI)
Thursday, October 31, 2002, 12:33:29 PM, you wrote:
>>I am developing a web based application, and will have the user
>>memorized in an openldap server.
>>1)I will need to manager password aging & expiration (User must change
>>password every 90 days for security reason).
>>2)I will also need to manager user locking/unlocking by and administrator.
>>I wuold like to know how do you usually manage this things!!!
AW> shadowAccount (usually related to posix shadow passwords) has attributes
AW> for expiry, last change, etc...
>>For 1) I thought to memorize in a new attribute the password date
>>change, and check every time the user try to enter that it is not passed
>>more than 90 days
>>For 2) I thought to memorize in a new attribute if the login in locked,
>>and check it every time the user try to login.
>>I thought to use the object class inetorgperson as a base for the "user
>>schema".
AW> Makes sense, but why not use one of the *Account objectclasses, since it
AW> sounds like your talking about accounts.
--
Best regards,
Max mailto:Max_Ma@gmx.net