Re: [squid-users] LDAP Auth + Passwd expiry

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 16 Jun 2003 10:35:31 +0200

On Monday 16 June 2003 02.30, John Blance wrote:
> To actually check you need to use the ldap attributes [of the user
> object]
> logingraceremaining and logingracelimit
> when logingraceremaining is less than logingracelimit the password
> has expired and the user needs to be redirected to the "Your
> password has expired, please change it" page
> Be aware though that these two attrbutes only exist if the user
> password is set to expire and grace logins is enabled.
>
> Have not yet been required to do this, but there were a couple of
> old development projects that sounded like they would provide a
> good start. I think [IIRC] that auth_info was one - all though
> external_auth_acl may cover requirements now..

external_acl + deny_info (2.5.STABLE3) nicely covers the Squid
requirements for implementing this feature. What you need to write is
a small helper which queries the LDAP tree to determine if the user
is within his "grace period".

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Mon Jun 16 2003 - 02:34:19 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:22 MST