directory-users mailing list archives

From Sathya S <sathya.skr...@gmail.com>
Subject Password expiry enforcement
Date Sat, 17 May 2014 13:48:39 GMT
I am continuing on my experiments with getting password policies
functioning on ApacheDS and I am trying to enable password expiry and a
warning before the expiry.

This is what I have configured on the server:

dn: ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
ads-pwdminlength: 7
ads-pwdinhistory: 5
ads-pwdid: default
ads-pwdcheckquality: 1
ads-pwdlockout: TRUE
ads-pwdlockoutduration: 0

ads-pwdMaxAge: 300
ads-pwdExpireWarning: 180
...

My understanding of this is that a user's password is valid for 5 minutes
after which authentication would fail. After 3 minutes up to 5 minutes, he
would be able to log in, but would receive a warning about impending expiry.
Is that correct?

I restarted the server after making the above change.

I have the below Java code to authenticate the user:

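            import java.util.Hashtable;
            import javax.naming.Context;
            import javax.naming.directory.DirContext;
            import javax.naming.directory.InitialDirContext;

            // JNDI environment for a simple (DN + password) bind
            Hashtable<String, String> env = new Hashtable<String, String>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, "ldap://localhost:10389");
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, "uid=Sathya,ou=people,dc=example,dc=com");
            env.put(Context.SECURITY_CREDENTIALS, "helloworld");

            // Create the initial context; the bind happens here and throws NamingException on failure
            DirContext ctx = new InitialDirContext(env);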

I created this user account almost an hour ago but the authentication still
goes through successfully. Anything I am missing here?

Thanks.
