Anonymous_User Absent Member.
Absent Member.
329 views

Temporary password should expire on user's first login


The business rule that I am trying to implement in my application is
that upon the first time usage of the temporary password the user should
be directed to change password even if the temporary password has not
expired. Please advice which attribute I can use to implement this
functionality. I read about pwdMustChange but I don't think this
attribute is available in Novell eDirectory (which our business uses).
When the user logs in, the user can log in using the temporary password
or non-temporary password. How is it possible to determine the flow of
the user based on whether the password is temporary password or
permanent password? Thanks for your help in advance.


--
supriyar
------------------------------------------------------------------------
supriyar's Profile: https://forums.netiq.com/member.php?userid=6981
View this thread: https://forums.netiq.com/showthread.php?t=50211

Labels (1)
0 Likes
3 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Temporary password should expire on user's first login


One additional information. I am using Java JNDI to implement the LDAP
business rules.


--
supriyar
------------------------------------------------------------------------
supriyar's Profile: https://forums.netiq.com/member.php?userid=6981
View this thread: https://forums.netiq.com/showthread.php?t=50211

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Temporary password should expire on user's first login

On Fri, 07 Mar 2014 23:14:02 +0000, supriyar wrote:

> One additional information. I am using Java JNDI to implement the LDAP
> business rules.


The easiest way is to set the password expiration date to the time the
password is changed (or to a time that precedes the time it's being reset
- like to January 1, 1980).

That'll force a password change the next time the user logs in - or after
the number of grace logins has expired, if you're using that.

Jim



--
Jim Henderson, CNA6, CDE, CNI, LPIC-1, CLA10, CLP10
Novell/SUSE/NetIQ Knowledge Partner
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Temporary password should expire on user's first login

Agreed, you should set the password to be expired (present or past
passwordExpirationTime attribute value) and then also set loginGraceLimit
and loginGraceRemaining to some integer of grace logins (six is the
default I think) and then the user can try that many times. If you do not
use grace logins then LDAP binds can continue indefinitely.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.