On Monday 16 June 2003 02.30, John Blance wrote: > To actually check you need to use the ldap attributes [of the user > object] > logingraceremaining and logingracelimit > when logingraceremaining is less than logingracelimit the password > has expired and the user needs to be redirected to the "Your > password has expired, please change it" page > Be aware though that these two attrbutes only exist if the user > password is set to expire and grace logins is enabled. > > Have not yet been required to do this, but there were a couple of > old development projects that sounded like they would provide a > good start. I think [IIRC] that auth_info was one - all though > external_auth_acl may cover requirements now..
external_acl + deny_info (2.5.STABLE3) nicely covers the Squid requirements for implementing this feature. What you need to write is a small helper which queries the LDAP tree to determine if the user is within his "grace period". Regards Henrik -- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, [EMAIL PROTECTED]