Ankur Agarwal wrote:
> Hi,
> In my application I need to implement password lockout (after 3
> unsuccessful attempts) and account inactivation by admin. I am using
> Weblogic security provider for authenticating my users residing in
> redhat LDAP. I have 2 questions:
> 1) Using directory management console I have set lockout account after
> 3 login attempts. Account does get locked out but I don't know which
> attribute gets set in user profile to indicate the same?

The attribute accountUnlockTime gets set to a generalized timestamp.
Depending on your policy it will either be the time when the user is due
to be unlocked, or the magic timestamp 19700101000000Z if he's locked
out forever.

It's operational and needs to be requested if searched:

ldapsearch [-x] -D "cn=directory manager" -w <password> -b <user's DN> "(objectclass=*)" accountunlocktime

> 2) For account inactivation I am setting nsAccountLock=true. Is this
> correct?
> When I am trying to login I always get same exception that login
> failed. Is there a mechanism so that I can identify why login failed
> i.e. due to password lockout or account inactivation?

The LDAP result code is 53 (DSA unwilling to perform) when an
inactivated user tries to bind. There's also some status text, "Account
inactivated. Contact system administrator."

In the case where the user is locked out due to incorrect passwords the
code is 19 (constraint violation) with status text of "Exceed retry
limit. Contact system administrator to reset."

You can verify the output and result code with ldapsearch:

ldapsearch [-x] -D <inactivated or locked user's DN> -w <password> -s base -b "" "(objectclass=*)"
echo $?

> regards,
> Ankur
--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
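
The checks described in the reply above, as an added shell example that is not part of the original thread: it maps the bind result codes to a failure reason and interprets an accountUnlockTime value. The function names and result labels are hypothetical, code 49 (invalid credentials) is standard LDAP rather than something stated in the thread, and treating a missing attribute as "no unlock time" is an assumption.

```sh
#!/bin/sh
# Added example, not from the thread. Codes 19 and 53 and the 19700101000000Z
# value come from the reply; 49 is standard LDAP invalidCredentials.
# Function names and result labels are hypothetical.

LOCKED_FOREVER="19700101000000Z"

# Map a bind result code (the ldapsearch exit status, "echo $?") to a reason.
bind_failure_reason() {
    case "$1" in
        0)  echo "ok" ;;
        19) echo "locked-out" ;;       # constraint violation: retry limit exceeded
        49) echo "bad-credentials" ;;  # invalid credentials
        53) echo "inactivated" ;;      # unwilling to perform: account inactivated
        *)  echo "other:$1" ;;
    esac
}

# Read ldapsearch LDIF on stdin and print the accountUnlockTime value, if any.
unlock_time_from_ldif() {
    awk -F': *' 'tolower($1) == "accountunlocktime" { print $2; exit }'
}

# Interpret accountUnlockTime. $1 = value ("" if the attribute was not returned),
# $2 = current UTC time as YYYYmmddHHMMSSZ (defaults to the system clock).
# Assumes the plain UTC "Z" form shown in the reply.
lockout_state() {
    value=$1
    now=${2:-$(date -u +%Y%m%d%H%M%SZ)}
    if [ -z "$value" ]; then echo "no-unlock-time"; return 0; fi
    if [ "$value" = "$LOCKED_FOREVER" ]; then
        echo "locked-until-admin-reset"; return 0
    fi
    digits=${value%Z}
    case "$digits" in
        *[!0-9]*) echo "unparseable"; return 1 ;;
    esac
    if [ "${#digits}" -ne 14 ] || [ "$digits" = "$value" ]; then
        echo "unparseable"; return 1
    fi
    # Fixed-width UTC timestamps compare correctly as 14-digit integers.
    if [ "$digits" -gt "${now%Z}" ]; then
        echo "locked-until:$value"
    else
        echo "unlock-time-passed"
    fi
}
```

Pass the exit status of the bind test to bind_failure_reason, and pipe the output of the accountunlocktime search through unlock_time_from_ldif before handing the value to lockout_state.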