On 3/27/07, Emmanuel Lecharny <[EMAIL PROTECTED]> wrote:
Hi Dave !
On 3/27/07, Dave Bartlett <[EMAIL PROTECTED]> wrote:
>
> I am evaluating LDAP implementations. I had a difficult time
> determining if Apache Directory can perform some password policy
> functions such as max and min characters in password, expiration days,
> warning days before expiration, logon attempts, etc.
No, we didn't implemented password policies right now. But this is something
we might do sooner or later.
In Apache
> Directory would this be done through 'custom authenticators'?
Sure. This is not really the simpliest way to do it, but this is the way to
go. We may think about other options, like triggers or Store procedures (we
have both) to handle such policies. For instance, with Stored Procedures, we
can check if the password is correct in regard with the given policy. The
good point about SP is that it's basically a java class you simply store
into the server, as any other Ldap element, so you don't have to rebuild the
server.
Yes, an SP phsically is just a Java class with static methods stored
in the DIT. We have a SP caller extended operation but it's not the
matter in this context. Triggers track some operations and invoke SPs
on some scheduled time.
Alex and Ersin, correct me if I'm wrong !
Emmanuel
Thank you,
>
> db
>
> [EMAIL PROTECTED]
>
> 610.540.0202 ext: 1449
>
>
>
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> _
>
> The information transmitted is intended only for the person or entity to
> which it is addressed and may contain confidential and/or privileged
> material. Any review, retransmission, dissemination or other use of, or
> taking of any action in reliance upon, this information by persons or
> entities other than the intended recipient is prohibited. If you received
> this message in error, please contact the sender and delete the material
> from any computer.
>
>
--
Cordialement,
Emmanuel Lécharny
www.iktek.com
--
Ersin
