Hello List,
I have a question in my mind, which I think probably, can be ansered by you-it is as below:-
If there are anywayz that, on successful credentials match too, authentication can be stopped by returning false??
Inotherwords when a user logs on and he is being asked to enter his uid andpassword and then it is checked with the entry stored in the database which returns either True/ False resulting into ansuccessful/unsuccessful authentication.
Is it possible tomake it a unsuccessful authentication manually for a specific userwithout hampering the user's password-this i need in order to disablethe user from the openldap server for some interval of time.
(This I want to do, in order to suspend the user to log on for some time, temporarily.)
Please throw some pointers in this direction !!!!
Thanks, Jyotishmaan Ray Moderator Of Paradise Groups http://yahoogroups.com/group/Spirituality-Paradise
Are You Spiritually Aware !!! Are You Enjoying Yourself !!! See What All You Had Been Missing !!!! Please Join Immediately By Sending A Blank Mail @ Spirituality-Paradise-subscribe@yahoogroups.com
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Jyotishmaan Ray wrote:
Is it possible tomake it a unsuccessful authentication manually for a specific userwithout hampering the user's password-this i need in order to disablethe user from the openldap server for some interval of time.
You can temporarily disable a user with ppolicy overlay and setting attributes pwdLockout and pwdLockoutDuration or by a filter-based ACL filtering on a custom attribute.
Ciao, Michael.
Hello,
We have made something like that:
Users are below ou=People,o=************; if we do not want to have certain users to be able to log on, then we move them to ou=paused_accounts,ou=People,o=***********: that way, normal authentication will fail since the user will be looked up below ou=People,o=*************.
Afterwards, we just move the user accounts back into ou=People,o=************** and everything is ok.
Claus
-----Ursprüngliche Nachricht----- Von: openldap-software-bounces+claus.kick=siemens.com@OpenLDAP.org [mailto:openldap-software-bounces+claus.kick=siemens.com@OpenLDAP.org] Im Auftrag von Jyotishmaan Ray Gesendet: Sonntag, 13. April 2008 14:23 An: openldap-software@openldap.org Betreff: on Authentication in openldap
Hello List,
I have a question in my mind, which I think probably, can be ansered by you-it is as below:-
If there are anywayz that, on successful credentials match too, authentication can be stopped by returning false??
Inotherwords when a user logs on and he is being asked to enter his uid andpassword and then it is checked with the entry stored in the database which returns either True/ False resulting into ansuccessful/unsuccessful authentication.
Is it possible tomake it a unsuccessful authentication manually for a specific userwithout hampering the user's password-this i need in order to disablethe user from the openldap server for some interval of time.
(This I want to do, in order to suspend the user to log on for some time, temporarily.)
Please throw some pointers in this direction !!!!
Thanks, Jyotishmaan Ray Moderator Of Paradise Groups http://yahoogroups.com/group/Spirituality-Paradise
Are You Spiritually Aware !!! Are You Enjoying Yourself !!! See What All You Had Been Missing !!!! Please Join Immediately By Sending A Blank Mail @ Spirituality-Paradise-subscribe@yahoogroups.com
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
openldap-software@openldap.org
-
Jyotishmaan Ray -
Kick, Claus -
Michael Ströder