I am continuing on my experiments with getting password policies
functioning on ApacheDS and I am trying to enable password expiry and a
warning before the expiry.
This is what I have configured on the server:

dn: ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
ads-pwdminlength: 7
ads-pwdinhistory: 5
ads-pwdid: default
ads-pwdcheckquality: 1
ads-pwdlockout: TRUE
ads-pwdlockoutduration: 0
ads-pwdMaxAge: 300
ads-pwdExpireWarning: 180
...

My understanding of this is that a user's password is valid for 5 minutes,
after which authentication would fail. After 3 minutes up to 5 minutes, he
would be able to log in, but would receive a warning about impending expiry.
Is that correct?

I restarted the server after making the above change.
I have the below Java code to authenticate the user:

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://localhost:10389");
// Simple bind with the user's DN and password
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "uid=Sathya,ou=people,dc=example,dc=com");
env.put(Context.SECURITY_CREDENTIALS, "helloworld");
// Create the initial context
DirContext ctx = new InitialDirContext(env);

I created this user account almost an hour ago but the authentication still
goes through successfully. Anything I am missing here?
Thanks.
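
Added example, not part of the original post: under draft-behera-ldap-password-policy the expiry warning is carried in a response control (OID 1.3.6.1.4.1.42.2.27.8.5.1) that a client only receives if it sends the matching request control with the bind, which the plain InitialDirContext bind above does not do. The class and helper names are hypothetical, the connection values are copied from the post, and the sample bytes are constructed.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.BasicControl;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class PpolicyBind {                       // hypothetical class name
    static final String PPOLICY_OID = "1.3.6.1.4.1.42.2.27.8.5.1"; // request and response control OID
    // Big-endian BER INTEGER/ENUMERATED content; -1 if it would run past the buffer
    static int readInt(byte[] v, int off, int n) {
        if (off + n > v.length) return -1;
        int r = 0;
        for (int k = 0; k < n; k++) r = (r << 8) | (v[off + k] & 0xff);
        return r;
    }
    // Decode PasswordPolicyResponseValue; assumes short-form (< 128) BER lengths
    static String describe(byte[] v) {
        if (v == null || v.length < 2 || v[0] != 0x30) return "empty";
        StringBuilder out = new StringBuilder();
        int end = Math.min(v.length, 2 + (v[1] & 0xff));
        for (int i = 2; i + 2 <= end; i += 2 + (v[i + 1] & 0xff)) {
            int tag = v[i] & 0xff, len = v[i + 1] & 0xff;
            if (tag == 0xA0 && i + 4 <= end) {   // warning [0] CHOICE: [0] seconds left, [1] grace binds left
                String kind = (v[i + 2] & 0xff) == 0x80 ? "timeBeforeExpiration=" : "graceAuthNsRemaining=";
                out.append(kind).append(readInt(v, i + 4, v[i + 3] & 0xff)).append(' ');
            } else if (tag == 0x81) {            // error [1] ENUMERATED, 0 = passwordExpired
                out.append("error=").append(readInt(v, i + 2, len)).append(' ');
            }
        }
        return out.toString().trim();
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample value (warning, 120 seconds left); prints "sample: timeBeforeExpiration=120"
        System.out.println("sample: " + describe(new byte[] {0x30, 5, (byte) 0xA0, 3, (byte) 0x80, 1, 0x78}));
        Hashtable<String, String> env = new Hashtable<>();   // values taken from the post
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://localhost:10389");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "uid=Sathya,ou=people,dc=example,dc=com");
        env.put(Context.SECURITY_CREDENTIALS, "helloworld");
        // The second argument attaches the request control to the bind itself
        LdapContext ctx = new InitialLdapContext(env, new Control[] { new BasicControl(PPOLICY_OID) });
        Control[] resp = ctx.getResponseControls();          // controls returned with the bind response
        for (Control c : resp == null ? new Control[0] : resp)
            if (PPOLICY_OID.equals(c.getID())) System.out.println("bind: " + describe(c.getEncodedValue()));
        ctx.close();
    }
}
```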