Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

OpenLDAP set password to expire

Posted on 2014-04-24
7
Medium Priority
?
1,367 Views
Last Modified: 2016-05-21
I am setting up LDAP for my webservers.  I would like to be able to set a users password to expire when I change it so that when the user log in for the first time they are required to change their password.  Basically like you can do in active directory.  How can I do this?  Also, can I do this using the phpLDAPadmin or do i need to do it with the CLI?
0
Comment
Question by:kurtcostello
  • 2
4 Comments
 
LVL 62

Expert Comment

by:gheist
ID: 40021885
Since Active Directory is a LDAP server too why dont you use it? Please define "like in active directory"....
I doubt there will be something like apache MMC.EXE and OpenLDAP Sites And Users addon...
0
 
LVL 31

Accepted Solution

by:
serialband earned 1000 total points
ID: 40023509
From http://www.openldap.org/lists/openldap-software/200609/msg00021.html
This is what the ppolicy pwdMaxAge policy setting is for.

From http://www.openldap.org/lists/openldap-software/200904/msg00077.html



    pwdAccountLockedTime

    This attribute contains the time that the user's account was locked. If the account has been locked, the password may no longer be used to authenticate the user to the directory. If pwdAccountLockedTime is set to 000001010000Z, the user's account has been permanently locked and may only be unlocked by an administrator. Note that account locking only takes effect when the pwdLockout password policy attribute is set to "TRUE".
0
 
LVL 40

Expert Comment

by:jlevie
ID: 40023599
I don't remember there being a "must change on next login" flag in the LDAP schema. You could of course add one the the schema. Or you could simply set the change date to be in the past (as if the password lifetime had expired. But in either case it will be up to the application to check the flag for for an expired password. LDAP (like AD) is simply a data store and has nothing directly to do with authentication, password life, lockout, or expiration.
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 1000 total points
ID: 40024227
it is here : http://www.openldap.org/doc/admin24/overlays.html
12.10

Just that it does not claim to be "like active directory" by any means.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
Suggested Courses

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question