On Sunday 15 June 2003 17.54, Frank Fegert wrote:

> we're using squid with the squid-ldap-auth helper to authenticate
> users & groups against NDS. The NDS uses password aging with three
> "goodwill" (what's the word in English?) logins after password
> expiration. The problem right now is that the squid-auth helper
> consumes all "goodwill" logins after a password has expired,
> without informing the user about that fact. Thus the next logon to
> the OS is denied and the user has no chance to change his password.
> Is there a way to circumvent this problem?

You need to write an additional helper which checks the password
expiration in your NDS tree, and then deny the user access if his
password is expired or about to expire, with a message that he needs
to change the password (see external_acl_type and deny_info
directives).

The helper can most likely be written as a small shell script running
ldapsearch and date, but you need to know how the expiry time is
recorded in the NDS LDAP tree (almost certainly an attribute of the
user object).

Regards
Henrik
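
Added example, not part of the original mail and not code from Squid or from Henrik: one way such an external ACL helper could look as a shell script around ldapsearch and date. The server URI, base DN, cn= filter, attribute name and its timestamp format, and the ACL and error page names are assumptions to be checked against your own tree and squid.conf.

```sh
#!/bin/sh
# Added example: Squid external ACL helper that answers ERR when the user's
# password is expired or expires within WARN_DAYS. Assumed, not from the mail:
# server URI, base DN, the cn= filter, the attribute name and its
# GeneralizedTime value, e.g. (constructed) passwordExpirationTime: 20030620120000Z
#
# squid.conf sketch (ACL and error page names are hypothetical):
#   external_acl_type pw_fresh ttl=300 %LOGIN /usr/local/bin/pw_fresh.sh serve
#   acl pw_fresh_ok external pw_fresh
#   http_access deny !pw_fresh_ok
#   deny_info ERR_PASSWORD_EXPIRING pw_fresh_ok

LDAP_URI="ldap://nds.example.com"      # assumption
BASE_DN="o=example"                    # assumption
EXPIRY_ATTR="passwordExpirationTime"   # assumption: verify in your tree
WARN_DAYS=3

# Only plain login names may reach the LDAP filter (no filter metacharacters).
safe_login() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Read LDIF on stdin, print the expiry as YYYYMMDDhhmmss (empty if absent).
expiry_from_ldif() {
    sed -n "s/^${EXPIRY_ATTR}: \([0-9]\{14\}\)Z\$/\1/p" | head -n 1
}

# decide EXPIRY CUTOFF: OK if no expiry is set or it lies after CUTOFF.
decide() {
    case "$1" in
        '') echo OK ;;
        *[!0-9]*) echo ERR ;;
        *) if [ "$1" -gt "$2" ]; then echo OK; else echo ERR; fi ;;
    esac
}

# Helper loop: Squid writes one login per line and expects OK or ERR back.
if [ "${1:-}" = "serve" ]; then
    while read -r login rest; do
        cutoff=$(date -u -d "+${WARN_DAYS} days" +%Y%m%d%H%M%S)  # GNU date
        if safe_login "$login" && ldif=$(ldapsearch -x -LLL -H "$LDAP_URI" \
                -b "$BASE_DN" "(cn=$login)" "$EXPIRY_ATTR" </dev/null); then
            decide "$(printf '%s\n' "$ldif" | expiry_from_ldif)" "$cutoff"
        else
            echo ERR   # unsafe name or failed lookup: deny
        fi
    done
fi
```

The helper denies on a failed lookup or an unexpected login name rather than passing the name into the LDAP filter, and it reads the expiry attribute with a search instead of binding as the user.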
