This is a cryptographically signed message in MIME format.
Mikael Kermorgant wrote:
I could formulate my question this way :
Which attribute would be best suited to indicate a third application
that the user who logs in must change his password ? Does such an
attribute exist ?
If the password has expired, you could check for the operational
attribute passwordExpirationTime. If your clocks are closely sync'ed,
you can determine if passwordExpirationTime > now.
If you have enabled "grace" logins (allow the user to bind and change
the password after the expiration time), you can check for the presence
of the operational attribute passwordGraceUserTime.
If you are using a minimum password age, you can check the operational
attribute passwordAllowChangeTime to find out when the user is allowed
to change the password.
Best regards,
smime.p7s
Description: S/MIME Cryptographic Signature
|
