Tickets :: [#6012] Password expiration for Sun/Fedora Directory Server

6.0.0-beta1

7/8/25

Summary	Password expiration for Sun/Fedora Directory Server
Queue	Horde Framework Packages
Queue Version	HEAD
Type	Enhancement
State	Resolved
Priority	1. Low
Owners	chuck (at) horde (dot) org
Requester	marco (at) csita (dot) unige (dot) it
Created	12/15/2007 (6415 days ago)
Due
Updated	12/20/2007 (6410 days ago)
Assigned
Resolved	12/20/2007 (6410 days ago)
Milestone
Patch	No

12/20/2007 11:10:27 PM	Chuck Hagenbuch	Comment #6 Assigned to Chuck Hagenbuch State ⇒ Resolved	Reply to this comment
Committed to HEAD and FRAMEWORK_3 (soon to be Horde 3.2-RC2 and then Horde 3.2.0). Thanks!

12/20/2007 10:57:27 PM	Chuck Hagenbuch	Deleted Original Message

12/20/2007 06:22:29 PM	marco (at) csita (dot) unige (dot) it	Comment #5 New Attachment: ldap.php[1].patch	Reply to this comment
Does specifying the list of attributes to fetch cause any problems if those attributes don't exist? According to RFC 2251 if "there are attribute descriptions in the list which are not recognized, they are ignored by the server." However, I test the code with OpenLDAP and Fedora DS without trouble. Please avoid code for "shouldn't happen" situations. If a specific potential fault is being protected against, the comment should indicate that. Should it really be a login failure if there's bad data in this field? You are right. I think as LDAP administrator, for which a wrong data format is a serious trouble. But final user don't care about it. Instead of raising an error, I log a message. Also, please use pcre (preg_match) instead of ereg in all Horde code - it's much faster. If you could take a quick read through horde/docs/CODING_STANDARDS that would be wonderful, for this or future contributions, but I can fix this patch (whitespace mostly) as it's small. Done.

12/17/2007 04:18:50 AM	Chuck Hagenbuch	Comment #4	Reply to this comment
Does specifying the list of attributes to fetch cause any problems if those attributes don't exist? Please avoid code for "shouldn't happen" situations. If a specific potential fault is being protected against, the comment should indicate that. Should it really be a login failure if there's bad data in this field? Also, please use pcre (preg_match) instead of ereg in all Horde code - it's much faster. If you could take a quick read through horde/docs/CODING_STANDARDS that would be wonderful, for this or future contributions, but I can fix this patch (whitespace mostly) as it's small.

12/17/2007 03:12:47 AM	Chuck Hagenbuch	Deleted Original Message

12/16/2007 01:10:55 PM	marco (at) csita (dot) unige (dot) it	Comment #3 New Attachment: ldap.php.patch	Reply to this comment
Sorry, I've some trouble in matching my system with your bugtrak service... The right patch is this and it is for lib/Horde/Auth/ldap.php, not for the password changer driver.

12/15/2007 06:53:10 PM	Chuck Hagenbuch	Comment #2 State ⇒ Feedback	Reply to this comment
I'm not sure why this would be in the smbldap driver, instead of the regular one?

12/15/2007 12:36:33 PM	marco (at) csita (dot) unige (dot) it	Comment #1 Priority ⇒ 1. Low State ⇒ New New Attachment: smbldap.php.patch Queue ⇒ Horde Framework Packages Summary ⇒ Password expiration for Sun/Fedora Directory Server Type ⇒ Enhancement	Reply to this comment
Fedora and Sun Directory Server uses a special operational attribute to record password expiration date. I submit a patch to use this attribute to warn the user about password expiration. This solution is not perfect, because: - password policy shoul be read from LDAP server instead of Horde configuration - Fedora/Sun Directory Server provide a grace period in which you can authenticate after expiration; in this time your messages present a negative number of remaining days. Cheers, Marco.