Reputation: 495
Testing user password expiration with openldap
I need to test whether our application can handle a user needing to change their password. I'm using the Docker openldap server available from here: https://github.com/osixia/docker-openldap.
I've added various things from here https://ldapwiki.com/wiki/Password%20MUST%20Change to my schema, however if I try to add pwdMustChange to a user, Apache Directory Studio will fail saying the schema doesn't allow for it.
This is what I've put in my schema:
attributetype ( PwdMustChange
NAME 'PwdMustChange'
DESC 'Password Must Be Changed'
EQUALITY booleanMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
)
Apache Directory Studio recognises the value as it autofills pwdMustChange, but when I try to enter a value in the above error occurs.
My question boils down to: How can I simulate a user password expiration with openldap?
Upvotes: 0
Views: 3715
Answers (1)
Reputation: 1318
Which programming language and which LDAP module for this are you using?
I'd suggest to do a bit more of reading:
- OpenLDAP 2.4 Admin Guide -- Configuring slapd because the Docker image you're using insists on using OpenLDAP's dynamic configuration backend
- OpenLDAP 2.4 Admin Guide -- Password Policies
- slapo-ppolicy(5) describes the meaning of all attributes in the pwdPolicy entry
- OpenLDAP implements this draft version: draft-behera-ldap-password-policy-09
Upvotes: 1
Related Questions
- How to set account expiry date in openldap
- How to test ldap ppolicy enforcement
- Find when password expires with ldapsearch
- php ldap-bind expired password
- openLDAP get login attempt on a user
- OpanLdap password policies
- PHP LDAP Check for Password_Expire and Account_Lock
- OpenLDAP only returns warning for expired password
- openldap auththentication php5 - comparing the password
- Testing LDAP Connections to Active Directory Server