Determine when a password is about to expire

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Most LDAP servers use a different schema than the Microsoft version and 
work from the opposite direction. Try querying "passwordexpirationtime". 
You can do a search for the specific password schema with the following 
info: 2.16.840.1.113730.3.2.12  passwordObject

I think it is more common to:
1. administratively set the password on a user account
2. set the password expiration to occur immediately.
3. set the passwordGraceUserTime for a time period that allows the user 
to log in solely to change their password.

However, you must explicitly program your site to gracefully handle this 
situation (condition where passwordexpirationtime < now < 
passwordGraceUserTime) , since the user's LDAP authentication attempt 
against the directory will fail (with an error indicating the password 
has expired).

On 01/21/2011 09:45 AM, harry.devine at faa.gov wrote:
>
> I am in the process of creating a web-based mechanism to allow our 
> users to change their password on our new 389-ds server.  I would like 
> to display the date that their password is due to expire, and while 
> Googling around, I see a lot of references to pwdLastSet, but about 
> 95% of the articles are referring to Active Directory.  I don't see 
> pwdLastSet amongst the attributes in my default 389-ds setup.  Is it 
> there, or do I have to add that attribute to every account?
>
> Also, I currently have my pages set up where, when the user logs in, 
> it detects our 'default' password and forces them to change it.  Is 
> there some attribute in their account that I can set that I can key 
> off of and force them to change their password when they login to my 
> site?
>
> Thanks for any tips!
> Harry
>
> Harry Devine
> Common ARTS Software Development
> AJT-144
> (609)485-4218
> Harry.Devine at faa.gov
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20110121/b119eceb/attachment.html
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux