Mikael Kermorgant wrote: > I could formulate my question this way : > > Which attribute would be best suited to indicate a third application > that the user who logs in must change his password ? Does such an > attribute exist ? If the password has expired, you could check for the operational attribute passwordExpirationTime. If your clocks are closely sync'ed, you can determine if passwordExpirationTime > now. If you have enabled "grace" logins (allow the user to bind and change the password after the expiration time), you can check for the presence of the operational attribute passwordGraceUserTime. If you are using a minimum password age, you can check the operational attribute passwordAllowChangeTime to find out when the user is allowed to change the password. > > Best regards, -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20060522/ab60d213/attachment.bin
