<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Most LDAP servers use a different schema than the Microsoft version
and work from the opposite direction. Try querying
"passwordexpirationtime". You can do a search for the specific
password schema with the following info: 2.16.840.1.113730.3.2.12
passwordObject<br>
<br>
I think it is more common to:<br>
1. administratively set the password on a user account<br>
2. set the password expiration to occur immediately.<br>
3. set the passwordGraceUserTime for a time period that allows the
user to log in solely to change their password.<br>
<br>
However, you must explicitly program your site to gracefully handle
this situation (condition where passwordexpirationtime < now <
passwordGraceUserTime) , since the user's LDAP authentication
attempt against the directory will fail (with an error indicating
the password has expired).<br>
<br>
On 01/21/2011 09:45 AM, <a class="moz-txt-link-abbreviated" href="mailto:harry.devine@faa.gov">harry.devine@faa.gov</a> wrote:
<blockquote
cite="mid:OF0500A4A1.44DE7644-ON8525781F.005055BA-8525781F.005108D2@faa.gov"
type="cite">
<br>
<font face="sans-serif" size="2">I am in the process of creating a
web-based
mechanism to allow our users to change their password on our new
389-ds
server. I would like to display the date that their password is
due
to expire, and while Googling around, I see a lot of references
to pwdLastSet,
but about 95% of the articles are referring to Active Directory.
I
don't see pwdLastSet amongst the attributes in my default 389-ds
setup.
Is it there, or do I have to add that attribute to every
account?</font>
<br>
<br>
<font face="sans-serif" size="2">Also, I currently have my pages
set
up where, when the user logs in, it detects our 'default'
password and
forces them to change it. Is there some attribute in their
account
that I can set that I can key off of and force them to change
their password
when they login to my site?</font>
<br>
<br>
<font face="sans-serif" size="2">Thanks for any tips!</font>
<br>
<font face="sans-serif" size="2">Harry</font>
<br>
<br>
<font face="sans-serif" size="2">Harry Devine<br>
Common ARTS Software Development<br>
AJT-144<br>
(609)485-4218<br>
<a class="moz-txt-link-abbreviated" href="mailto:Harry.Devine@faa.gov">Harry.Devine@faa.gov</a></font>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
--
389 users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a>
<a class="moz-txt-link-freetext" href="https://admin.fedoraproject.org/mailman/listinfo/389-users">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></pre>
</blockquote>
<br>
</body>
</html>