Author: Ed (Guest)
Posted: Thu Jan 13, 2005 2:01 am
Post subject: ADAM Password Expiration

Ok, I have a question about how Password Expiration works with ADAM accounts.
If the account's password is expired, can it still be used to bind? If not,
what is the best practice for having the user change their password?
Should I have an ADSI-based page that somehow intercepts an error message
returned by ADAM for the expired password, then redirects the user to a
change password page, and then bind via an Admin account?

Author: Lee Flight (Guest)
Posted: Thu Jan 13, 2005 4:42 am
Post subject: Re: ADAM Password Expiration

Hi

inline below...

"Ed" <Ed@discussions.microsoft.com> wrote in message
news:6288A1D4-4F82-480A-934E-0D65D7FF140C@microsoft.com...
> Ok, I have a question about how Password Expiration works with ADAM
> accounts. If the account's password is expired, can it still be used to
> bind?

From memory I think the answer is no, the user cannot bind when the password
expires. As all an ADAM user does is an LDAP bind it would not make sense
to do otherwise as there is no out of band method of offering the
opportunity to reset. When I have used an account that I want to read data
as part of some service I have set a very complex password and then disabled
expiry for that account.

> If not,
> what is the best practice for having the user change their password?

I suspect that you need a tool to check for imminent password expiry and
then notify the user that they need to change it through some code/interface
that you provide.

> Should I have an ADSI-based page that somehow intercepts an error message
> returned by ADAM for the expired password, then redirects the user to a
> change password page, and then bind via an Admin account?

That would be great but I do not think you will be able to get the error
message through the Microsoft LDAP provider that sits under ADSI.

Lee Flight
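
Added example, not part of the original thread or any poster's code: one way to build the "check for imminent password expiry" tool suggested above, including the service account whose expiry has been disabled. It assumes the tool has already read each user's `pwdLastSet` and `msDS-UserDontExpirePassword` attributes over LDAP and that the maximum password age is supplied by the operator; the function names and the sample entries are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def from_filetime(ticks):
    """pwdLastSet counts 100-nanosecond ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=int(ticks) // 10)

def to_filetime(moment):
    """Inverse of from_filetime; used here only to build the sample data."""
    return (moment - FILETIME_EPOCH) // timedelta(microseconds=1) * 10

def password_status(entry, max_age, now, warn=timedelta(days=14)):
    """Return (state, expiry) for one user entry read from the directory."""
    # LDAP booleans arrive as the strings "TRUE" / "FALSE".
    if str(entry.get("msDS-UserDontExpirePassword", "FALSE")).upper() == "TRUE":
        return "never-expires", None      # e.g. a service account with expiry disabled
    ticks = int(entry.get("pwdLastSet", 0))
    if ticks == 0:
        return "must-change", None        # assumption: 0 is treated as "change required"
    expiry = from_filetime(ticks) + max_age
    if expiry <= now:
        return "expired", expiry          # per the thread, a straight LDAP bind now fails
    if expiry - now <= warn:
        return "expiring-soon", expiry    # notify while the user can still bind
    return "ok", expiry

def expiry_report(entries, max_age, now):
    """Map each user's cn to its password state."""
    return {e["cn"]: password_status(e, max_age, now)[0] for e in entries}

# Constructed sample data (not from a real directory).
NOW = datetime(2005, 1, 13, tzinfo=timezone.utc)
MAX_AGE = timedelta(days=42)              # assumed policy value, supplied by the operator
SAMPLE = [
    {"cn": "alice", "pwdLastSet": str(to_filetime(NOW - timedelta(days=50)))},
    {"cn": "bob", "pwdLastSet": str(to_filetime(NOW - timedelta(days=35)))},
    {"cn": "carol", "pwdLastSet": str(to_filetime(NOW - timedelta(days=5)))},
    {"cn": "dave", "pwdLastSet": "0"},
    {"cn": "svc-reader", "pwdLastSet": str(to_filetime(NOW - timedelta(days=400))),
     "msDS-UserDontExpirePassword": "TRUE"},
]

if __name__ == "__main__":
    for name, state in expiry_report(SAMPLE, MAX_AGE, NOW).items():
        print(f"{name:12} {state}")
```

Accounts reported as `never-expires` are worth reviewing separately, since their passwords only change when someone rotates them by hand.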

Author: Dmitri Gavrilov [MSFT] (Guest)
Posted: Thu Jan 13, 2005 1:35 pm
Post subject: Re: ADAM Password Expiration

See my other post.
If you were using straight LDAP, then you'd be unable to bind after the pwd
has expired. But with ADSI, you are most likely seeing cached connections.
--
Dmitri Gavrilov
SDE, Active Directory Core
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm