Sarang Rao

Greenhorn
+ Follow
since Aug 21, 2002
Cows and Likes
Cows
Total received
0
In last 30 days
0
Total given
0
Likes
Total received
0
Received in last 30 days
0
Total given
0
Given in last 30 days
0
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Sarang Rao

Hi,
I'm trying to implement a password policy in LDAP.
I have a account lockout policy which locks the account when the password is entered incorrectly for 3 times continously.
I also have another rule for changing passwords that checks for the last 3 passwords and does not allow me to enter the same password while changing.

I need to provide a sys admin to be able to reset passwords for a userid once it gets locked due to the above policy.
As I understand, a password is reset by changing the password to "". This works if I reset the password from the LDAP UI but when I try to modify the password from my java API it gives me an error saying that the password cannot be "" due to the second policy in place.

Is there any other way to reset the password through the API or do I have to reset it from the Iplanet UI itself.
I would appreciate if someone can give me a hint on what needs to be done.

Thanks
Sarang
16 years ago
Hi Kumar,
We have a very similar setup in place.
Just to give you a brief explanation.

Consider each menu item as a security object. Each object has access depending on the roles.
You would also have a mapping of security objects with roles. This is database driven.

Once the user logs in, you can figure out his roles for that application and get the access of all the objects registered under that application.
We save this set of permissions as a collection in ldap so that we don't have to look up everytime a menu / object has to be rendered.

I'm not getting into the details of implementing the same. You might want to try out different options.
Hope this helps.

Thanks
Sarang
16 years ago