[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Question about ppolicy usage

To: openldap-technical@openldap.org
Subject: Re: Question about ppolicy usage
From: Ángel L. Mateo <amateo@um.es>
Date: Tue, 2 Apr 2019 08:43:36 +0200
Content-language: en-US
In-reply-to: <89bdc155-a159-4d67-a668-f2b3e21d814f@stroeder.com>
References: <c855af59-9cdf-32df-08b1-4ea902774ef4@oszk.hu> <89bdc155-a159-4d67-a668-f2b3e21d814f@stroeder.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1

El 1/4/19 a las 18:07, Michael Ströder escribió:


Note that semantics for 'pwdAccountLockedTime' are defined herein:

https://tools.ietf.org/html/draft-behera-ldap-password-policy

It does not mean what you want to achieve.

For Æ-DIR I defined custom meta attributes aeStatus, aeExpiryStatus,
aeNotAfter etc.

https://www.ae-dir.com/docs.html#schema-at-aeStatus

I'm curious... how do you use these attributes to enforce the userdoesn't authenticate outside of this range? Does openldap check it? Isresponsibility of the application authenticating?


--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868889150
Fax: 868888337

References:
- Question about ppolicy usage
  - From: Mikael Bak <bak.mikael@oszk.hu>
- Re: Question about ppolicy usage
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: Re: Question about ppolicy usage
Next by Date: mdb_equality_candidates: (entryUUID) not indexed
Index(es):
- Chronological
- Thread