Delivered-To: mailing list users@directory.apache.org
Date: Tue, 19 Mar 2013 23:17:28 +0100
Subject: Want to force password end time

Hi All,

We have a password policy enabled for users with ads-pwdmustchange=TRUE.
When an admin changes a user's password, the pwdReset=true attribute is set on the user entry as expected.
We get the correct response control and direct a user to a change password page.

This all works great; however, this temporary password remains valid for the period defined in the policy.
Ideally, after receiving the response control for password must change, I'd like to expire the temporary password after 10 minutes.
This way if they defeat our change password routine by canceling it, the password wouldn't remain valid for long.

Since we never know when the first time they'll login after pwdReset=true is set, this is something I want to do individually on the user entry during the login process.

I've tried setting pwdEndTime on the user entry. This looks like it might be what I want but I get a no user modification exception.

Can you think of any way to do this?

Thanks!

java.lang.Exception: [LDAP: error code 50 - INSUFFICIENT_ACCESS_RIGHTS: failed for MessageType : MODIFY_REQUEST
Message ID : 67
    Modify Request
        Object : 'uid=1337172529807,ou=users,ou=int,o=cpro'
            Modification[0]
                Operation : add
                Modification
pwdEndTime: 20130319220004.006Z org.apache.directory.api.ldap.model.message.ModifyRequestImpl@8ae625e6: ERR_52 Cannot modify the attribute : ATTRIBUTE_TYPE ( 1.3.6.1.4.1.42.2.27.8.1.28
 NAME 'pwdEndTime'
 DESC The time the password becomes disabled
 EQUALITY generalizedTimeMatch
 ORDERING generalizedTimeOrderingMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
 SINGLE-VALUE
 NO-USER-MODIFICATION
 USAGE directoryOperation
 )
]