sane ppolicy choices
- To: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
- Subject: sane ppolicy choices
- From: Igor Shmukler <igor.shmukler@gmail.com>
- Date: Thu, 5 Mar 2015 11:35:23 +0200
Hello,
I am trying to implement a trial [period] for new customers, using the
OpenLDAP password policy overlay.
I was thinking about setting a combination of pwdMaxAge, pwdMustChange
and pwdAllowUserChange.
Basically, the best idea I have had is to set MaxAge to the length of
the trial [in seconds], then if a user changes the password while in trial
mode, calculate MaxAge as (trial_length - time_passed), then at the
end setting MustChange to true and AllowUserChange to false [until the
trial has been converted].
Is that a sane policy? Should I be doing something totally different?
Please advise.
Sincerely,
Igor Shmukler
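
The scheme described in the message above, sketched as an added example that is not part of the original post: it computes the remaining pwdMaxAge and emits the LDIF change for either trial state. It assumes each trial user has their own pwdPolicy entry (selected through pwdPolicySubentry on the user entry); the base DN, the cn=trial-<uid> naming and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timezone

POLICY_BASE = "ou=policies,dc=example,dc=com"  # constructed placeholder DN


def remaining_trial_seconds(trial_start, trial_length, now):
    """Seconds of trial left (trial_length - time_passed), never negative."""
    elapsed = int((now - trial_start).total_seconds())
    return max(trial_length - elapsed, 0)


def trial_policy_ldif(uid, trial_start, trial_length, now):
    """LDIF 'modify' for this user's own pwdPolicy entry (hypothetical naming)."""
    # The uid ends up inside a DN, so accept only a conservative character set.
    if not re.fullmatch(r"[a-z0-9_-]{1,64}", uid):
        raise ValueError("unsafe uid for DN construction")
    remaining = remaining_trial_seconds(trial_start, trial_length, now)
    if remaining > 0:
        # Trial running: call this after each password change, because
        # pwdChangedTime restarts and pwdMaxAge is counted from it.
        changes = [("pwdMaxAge", str(remaining)),
                   ("pwdMustChange", "FALSE"),
                   ("pwdAllowUserChange", "TRUE")]
    else:
        # Trial over: pwdMaxAge is left untouched, since writing 0 would
        # mean "passwords never expire" in the ppolicy schema.
        changes = [("pwdMustChange", "TRUE"),
                   ("pwdAllowUserChange", "FALSE")]
    lines = [f"dn: cn=trial-{uid},{POLICY_BASE}", "changetype: modify"]
    for attr, value in changes:
        lines += [f"replace: {attr}", f"{attr}: {value}", "-"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    start = datetime(2015, 3, 1, tzinfo=timezone.utc)  # constructed sample
    print(trial_policy_ldif("alice", start, 14 * 86400,
                            datetime(2015, 3, 5, tzinfo=timezone.utc)))
```

The output can be piped to ldapmodify by whatever process handles password changes and trial expiry.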