On Monday 16 June 2003 02.30, John Blance wrote:
> To actually check you need to use the ldap attributes [of the user
> object]
> logingraceremaining and logingracelimit
> when logingraceremaining is less than logingracelimit the password
> has expired and the user needs to be redirected to the "Your
> password has expired, please change it" page
> Be aware though that these two attrbutes only exist if the user
> password is set to expire and grace logins is enabled.
>
> Have not yet been required to do this, but there were a couple of
> old development projects that sounded like they would provide a
> good start. I think [IIRC] that auth_info was one - all though
> external_auth_acl may cover requirements now..
external_acl + deny_info (2.5.STABLE3) nicely covers the Squid
requirements for implementing this feature. What you need to write is
a small helper which queries the LDAP tree to determine if the user
is within his "grace period".
Regards
Henrik
-- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, info@marasystems.comReceived on Mon Jun 16 2003 - 02:34:19 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:22 MST