directory-users mailing list archives

From "Sathya Skr 75" <sathya.skr...@gmail.com>
Subject Re: Password expiry enforcement
Date Mon, 19 May 2014 12:01:26 GMT
Brilliant!! Thanks so much Kiran. That worked. 

But I still don't get a warning before expiry. Some of my friends said that this is something
that needs to be built into the calling code and not something that ApacheDS provides out
of the box. Is that right?

—
Sent from Mailbox

On Sun, May 18, 2014 at 6:33 PM, Kiran Ayyagari <kayyagari@apache.org>
wrote:

> On Sat, May 17, 2014 at 7:18 PM, Sathya S <sathya.skr.75@gmail.com> wrote:
>> I am continuing on my experiments with getting password policies
>> functioning on ApacheDS and I am trying to enable password expiry and a
>> warning before the expiry.
>>
>> This is what I have configured on the server:
>>
>> dn: ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
>> ads-pwdminlength: 7
>> ads-pwdinhistory: 5
>> ads-pwdid: default
>> ads-pwdcheckquality: 1
>> ads-pwdlockout: TRUE
>> ads-pwdlockoutduration: 0
>>
>> ads-pwdMaxAge: 300
>> ads-pwdExpireWarning: 180
>> ...
>>
>> My understanding of this is that a user's password is valid for 5 minutes
>> after which authentication would fail. After 3 minutes up to 5 minutes, he
>> would be able to login, but would receive a warning about impending expiry.
>> Is that correct?
>>
> yes, but you need to configure ads-pwdgraceauthnlimit (to >0) as well,
> otherwise bind operation
> always accepts the expired password
>> I restarted the server after making the above change.
>>
>> I have the below Java code to authenticate the user:
>>
>>             Hashtable<String, String> env = new Hashtable<String, String>();
>>             env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
>>             env.put(Context.PROVIDER_URL, "ldap://localhost:10389");
>>             //
>>             env.put(Context.SECURITY_AUTHENTICATION, "simple");
>>             env.put(Context.SECURITY_PRINCIPAL, "uid=Sathya,ou=people,dc=example,dc=com");
>>             env.put(Context.SECURITY_CREDENTIALS, "helloworld");
>>
>>             // Create the initial context
>>
>>             DirContext ctx = new InitialDirContext(env);
>>
>> I created this user account almost an hour ago but the authentication still
>> goes through successfully. Anything I am missing here?
>>
>> Thanks.
>>
> -- 
> Kiran Ayyagari
> http://keydap.com
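
The LDAP password policy draft (draft-behera-ldap-password-policy) carries the expiry warning in a response control on the bind, which a client sees only if it attaches the request control and decodes the reply. The following is an added example, not code from this thread or from ApacheDS: a JNDI bind that requests the control, plus a decoder for `timeBeforeExpiration`. The class and method names and the sample bytes are constructed for illustration, and it is an assumption here that the server returns the control as the draft describes.

```java
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.BasicControl;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import java.util.Hashtable;

public class PwdPolicyWarning {
    // Password policy control OID from draft-behera-ldap-password-policy
    static final String PPOLICY_OID = "1.3.6.1.4.1.42.2.27.8.5.1";

    /** Bind with the request control attached; return the response control value, or null. */
    static byte[] bindAndGetPolicyValue(String url, String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        // Connection request controls are sent along with the bind itself
        LdapContext ctx = new InitialLdapContext(env, new Control[] { new BasicControl(PPOLICY_OID) });
        try {
            Control[] rcs = ctx.getResponseControls();
            if (rcs != null)
                for (Control c : rcs)
                    if (PPOLICY_OID.equals(c.getID())) return c.getEncodedValue();
            return null;
        } finally { ctx.close(); }
    }

    /** Seconds before expiry from the BER value (short-form lengths assumed); -1 if absent. */
    static long timeBeforeExpiration(byte[] v) {
        // SEQUENCE(0x30) { warning [0](0xA0) { timeBeforeExpiration [0](0x80) INTEGER } ... }
        if (v == null || v.length < 6 || v[0] != 0x30 || (v[2] & 0xFF) != 0xA0 || (v[4] & 0xFF) != 0x80)
            return -1; // no warning, or graceAuthNsRemaining (0x81) instead
        int len = v[5] & 0xFF;
        if (len == 0 || len > 8 || 6 + len > v.length) return -1;
        long secs = 0;
        for (int i = 0; i < len; i++) secs = (secs << 8) | (v[6 + i] & 0xFF);
        return secs;
    }

    public static void main(String[] args) {
        // Constructed sample value: warning, timeBeforeExpiration = 120 seconds
        byte[] sample = { 0x30, 0x05, (byte) 0xA0, 0x03, (byte) 0x80, 0x01, 0x78 };
        System.out.println("expires in " + timeBeforeExpiration(sample) + "s");
    }
}
```

Against a live server, pass the result of `bindAndGetPolicyValue` to `timeBeforeExpiration` and surface any non-negative value to the user as the expiry warning.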