François Beretti
2006-Mar-31 09:04 UTC
[Fedora-directory-users] API to detect password expiration
Hi, I am trying to implement password expiration in my LDAP software. I am not using the fedora/mozilla/sun API, but the Novell API. So I can''t use specific functions if they exist. There are three concepts I would like to integrate : - Password must be changed after a reset - Password expiration warning - Password expired How can I detect these three events ? Moreover, what can I do within the maximum login attempts ? Only bind then change the password ? Thank you very much, and congratulations for this beautiful software Regards, François Beretti
Richard Megginson
2006-Mar-31 14:53 UTC
Re: [Fedora-directory-users] API to detect password expiration
François Beretti
2006-Mar-31 16:38 UTC
Re: [Fedora-directory-users] API to detect password expiration
On 3/31/06, Richard Megginson <rmeggins@redhat.com> wrote:> François Beretti wrote: > > - Password must be changed after a reset > > - Password expiration warning > > - Password expired > > > > How can I detect these three events ? > > > I''m not sure. You may want to ask on a Novell list to find out what is > supported by their API. But in general, these events are returned to > all LDAPv3 clients in the form of controls, so as long as the Novell API > allows you to receive and parse the response controls, you should be > able to get all of that information.Thank you for your answer. Is there a description somewhere of which controls are used by the Directory Server ?> Yes. Fedora DS allows a configurable number of "grace logins" - the > user is only allowed to BIND, then change their password.Thank you again François