Hi,
We use openLdap as our user identity store for our SSO solution which is openAM.
We want to implement a password expiration strategy.
Therefore we have to configure openLdap to return a signal for events like:
- password about to expire
- password expired
- ....
The openAM code (java) anticipates "controls" for this purpose.
Questions:
- How to configure openLdap to return a control when a password is about to expire.
- Which java Ldap api should be used to process such a control.
Greetings,
Huub
Am Tue, 15 Apr 2014 12:02:27 +0200 schrieb Huub Sepers h.sepers@portbase.com:
Hi,
We use openLdap as our user identity store for our SSO solution which is openAM.
We want to implement a password expiration strategy.
Therefore we have to configure openLdap to return a signal for events like:
password about to expirepassword expired....The openAM code (java) anticipates "controls" for this purpose.
Questions:
How to configure openLdap to return a control when apassword is about to expire.
Which java Ldap api should be used to process such acontrol.
http://tools.ietf.org/html/draft-behera-ldap-password-policy-10 man slapo-ppolicy(5)
-Dieter
Il 15/04/2014 12:02, Huub Sepers ha scritto:
Hi,
We use openLdap as our user identity store for our SSO solution which is openAM.
We want to implement a password expiration strategy.
Therefore we have to configure openLdap to return a signal for events like:
password about to expirepassword expired....The openAM code (java) anticipates "controls" for this purpose.
Questions:
How to configure openLdap to return a control when a passwordis about to expire.
Which java Ldap api should be used to process such a control.
Not sure at all about answering to the correct question, but ldaptive.org java ldap toolset handles fine openldap's ppolicy, for example: just drop ldaptive jar in shibboleth and your IdP warns users whether password is expired (in opposite to wrong password)
greetings,
Francesco
openldap-technical@openldap.org
-
Dieter Klünter -
Francesco Malvezzi -
Huub Sepers