Can anyone help me in identifying a list of password-related attributes NAC uses/checks against to permit logins, specifically when using an LDAP authentication source (non-Microsoft/AD).
My question arises from the fact that our LDAP authentication source, supporting several resources requiring authentication (NAC, e-mail, etc.), was migrated to Sun's Java System Directory Server 6.x from a very old Netscape 4.x infrastructure. Password security features were not initially activated on the migrated environment, as they had been on the earlier authentication source but the LDAP passwordexpirationtime attribute came across populated from some of our users. These did not affect e-mail authentication, even when the passwordexpirationtime had expired, but did appear to affect LDAP queries for authentication from NAC. Pushing these "expired" passwordexpirationtime attributes into the future resolved our NAC authentication failures. The full array of password protection features will likely be activated for other resources "feeding off" of the LDAP server in the near future, so trying to identify what attributes NAC is "interested" in for authentication purposes. Anyway, if someone could point me at useful URL or doc for this type of NAC information, it would be appreciated. Thanks. Terry Terry Mitchell Sr. Novell/LAN Admin. Loyola Law School Los Angeles
