On Mon, May 19, 2014 at 5:31 PM, Sathya Skr 75 <[email protected]> wrote:

> Brilliant!! Thanks so much Kiran. That worked.
>
> But still don't get a warning before expiry. Some of my friends said that
> this is something that needs to be built into the calling code and not
> something that apacheds provides out of the box. Is that right?
>

You need to send the password policy request control (OID is
1.3.6.1.4.1.42.2.27.8.5.1) to get the warning back. Note that the
error/warning will be present in the password policy response control
present in the bind response.

> —
> Sent from Mailbox
>
> On Sun, May 18, 2014 at 6:33 PM, Kiran Ayyagari <[email protected]> wrote:
>
> > On Sat, May 17, 2014 at 7:18 PM, Sathya S <[email protected]> wrote:
> >
> >> I am continuing on my experiments with getting password policies
> >> functioning on ApacheDS and I am trying to enable password expiry and a
> >> warning before the expiry.
> >>
> >> This is what I have configured on the server:
> >>
> >> dn: ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
> >> ads-pwdminlength: 7
> >> ads-pwdinhistory: 5
> >> ads-pwdid: default
> >> ads-pwdcheckquality: 1
> >> ads-pwdlockout: TRUE
> >> ads-pwdlockoutduration: 0
> >> ads-pwdMaxAge: 300
> >> ads-pwdExpireWarning: 180
> >> ...
> >>
> >> My understanding of this is that a user's password is valid for 5 minutes,
> >> after which authentication would fail. After 3 minutes up to 5 minutes, he
> >> would be able to login, but would receive a warning about impending expiry.
> >> Is that correct?
> >>
> > Yes, but you need to configure ads-pwdgraceauthnlimit (to >0) as well;
> > otherwise the bind operation always accepts the expired password.
> >
> >> I restarted the server after making the above change.
> >>
> >> I have the below Java code to authenticate the user:
> >>
> >> Hashtable<String, String> env = new Hashtable<String, String>();
> >> env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
> >> env.put(Context.PROVIDER_URL, "ldap://localhost:10389");
> >> env.put(Context.SECURITY_AUTHENTICATION, "simple");
> >> env.put(Context.SECURITY_PRINCIPAL, "uid=Sathya,ou=people,dc=example,dc=com");
> >> env.put(Context.SECURITY_CREDENTIALS, "helloworld");
> >>
> >> // Create the initial context
> >> DirContext ctx = new InitialDirContext(env);
> >>
> >> I created this user account almost an hour ago but the authentication still
> >> goes through successfully. Anything I am missing here?
> >>
> >> Thanks.
> >>
> > --
> > Kiran Ayyagari
> > http://keydap.com
>
--
Kiran Ayyagari
http://keydap.com
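Kiran's point above, as an added example that is not part of the original thread: the same JNDI simple bind from Sathya's code, but sending the password policy request control (1.3.6.1.4.1.42.2.27.8.5.1) as a connection control and decoding the password policy response control from the bind response. The class name PpolicyBind and the describe/toLong helpers are assumptions; the server URL, user DN and password are the values quoted in the thread, and the control's BER layout follows the draft-behera-ldap-password-policy definition.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.*;
public class PpolicyBind {
    static final String PPOLICY_OID = "1.3.6.1.4.1.42.2.27.8.5.1";
    public static void main(String[] args) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://localhost:10389");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "uid=Sathya,ou=people,dc=example,dc=com");
        env.put(Context.SECURITY_CREDENTIALS, "helloworld");
        // The request control carries no value; non-critical so a server without ppolicy still binds.
        Control[] connCtls = { new BasicControl(PPOLICY_OID, false, null) };
        LdapContext ctx = new InitialLdapContext(env, connCtls); // the bind happens here
        try {
            Control[] resp = ctx.getResponseControls(); // controls returned in the bind response
            for (Control c : resp == null ? new Control[0] : resp) {
                if (PPOLICY_OID.equals(c.getID())) System.out.println(describe(c.getEncodedValue()));
            }
        } finally {
            ctx.close();
        }
    }
    // Decodes PasswordPolicyResponseValue ::= SEQUENCE { warning [0] CHOICE { timeBeforeExpiration [0]
    //   INTEGER, graceAuthNsRemaining [1] INTEGER } OPTIONAL, error [1] ENUMERATED { passwordExpired(0),
    //   accountLocked(1), ... } OPTIONAL }. Minimal BER walk; assumes short-form lengths (this control is tiny).
    static String describe(byte[] ber) {
        StringBuilder out = new StringBuilder();
        int i = 2; // skip the outer SEQUENCE tag (0x30) and its length byte
        while (ber != null && i + 1 < ber.length) {
            int tag = ber[i] & 0xFF, len = ber[i + 1] & 0xFF, start = i + 2;
            if (tag == 0xA0) { // warning [0], constructed: wraps one context-tagged INTEGER
                int inner = ber[start] & 0xFF, innerLen = ber[start + 1] & 0xFF;
                long v = toLong(ber, start + 2, innerLen);
                out.append(inner == 0x80 ? "timeBeforeExpiration=" + v + "s " : "graceAuthNsRemaining=" + v + " ");
            } else if (tag == 0x81) { // error [1], primitive ENUMERATED
                out.append("error=").append(toLong(ber, start, len)).append(' ');
            }
            i = start + len;
        }
        return out.length() == 0 ? "no warning, no error" : out.toString().trim();
    }
    static long toLong(byte[] b, int off, int len) {
        long v = 0; for (int k = 0; k < len; k++) v = (v << 8) | (b[off + k] & 0xFF); return v;
    }
}
```

With the configuration quoted in the thread (ads-pwdMaxAge 300, ads-pwdExpireWarning 180) a bind during the last three minutes should print timeBeforeExpiration, and once ads-pwdgraceauthnlimit is set a grace bind on an expired password carries graceAuthNsRemaining instead. If the bind itself is rejected, InitialLdapContext throws before getResponseControls() can be called, so this path only reads the control when the server completes the bind.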
