ldap password expiry

Unanswered Question
Oct 24th, 2007

Hi,


We have an ASA5520 configured with SSL VPN and Windows AD LDAP authentication. Users can authenticate if their password has not expired. How can I configure it in such a way that the users are prompted to change their password when they connect through SSL?


Thanks,

Ed

Danilo Dy Wed, 10/24/2007 - 06:52

Hi Ed,


I haven't figured that out yet, but I have an alternative. I use this freely available utility to inform the user by email when their password is expiring in 9-5-3 days.


1. Script to notify users

http://www.windowsitpro.com/Article/ArticleID/46819/46819.html

http://www.windowsitpro.com/articles/download/rptpaswdchange.zip


2. Set up IISADMPWD on the AD server, where the users can change their passwords after a successful login. Search for IISADMPWD in the MS Knowledge Base. Please make a copy of the IISADMPWD directory out of the Windows System directory to maybe drive D.


ITEM 1, running in Task Scheduler daily, should send an email to the users telling them that their password is expiring 9-5-3 days later. To change it, they have to successfully log in first to access ITEM 2 using HTTPS (please).


You can be creative and create a nice email template for ITEM 1. Maybe use [email protected] as the sender email address, pointing them to the URL in ITEM 2. The ITEM 2 URL web page should be edited; you may put a note on password policy there.


Regards,

Dandy
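The daily check behind ITEM 1, as an added example (not the linked script and not part of the original posts): it works out from the AD attributes `pwdLastSet`, `userAccountControl` and the domain's `maxPwdAge` who is due a 9, 5 or 3 day reminder. The user records, the e-mail addresses and the 42-day policy are constructed sample data, and a single domain-wide password policy is assumed.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
DONT_EXPIRE_PASSWORD = 0x10000   # userAccountControl: password never expires
ACCOUNTDISABLE = 0x0002          # userAccountControl: account disabled
NEVER_EXPIRES = (0, -0x8000000000000000)  # maxPwdAge values meaning "no expiry"
NOTIFY_DAYS = (9, 5, 3)          # reminder thresholds from the post

def ticks_to_delta(ticks):
    """100-nanosecond ticks (FILETIME units) -> timedelta."""
    return timedelta(microseconds=ticks // 10)

def days_until_expiry(user, max_pwd_age, now):
    """Whole days until expiry; None if exempt; -1 if a change is already forced."""
    if user["userAccountControl"] & (DONT_EXPIRE_PASSWORD | ACCOUNTDISABLE):
        return None
    if max_pwd_age in NEVER_EXPIRES:
        return None
    if user["pwdLastSet"] == 0:      # "must change password at next logon"
        return -1
    expires = (FILETIME_EPOCH + ticks_to_delta(user["pwdLastSet"])
               + ticks_to_delta(-max_pwd_age))   # maxPwdAge is stored negative
    return (expires.date() - now.date()).days

def users_to_notify(users, max_pwd_age, now):
    """(mail, days_left) for users whose password expires in exactly 9, 5 or 3 days."""
    due = []
    for user in users:
        left = days_until_expiry(user, max_pwd_age, now)
        if left in NOTIFY_DAYS:
            due.append((user["mail"], left))
    return due

# --- constructed sample data, not taken from the thread ---
NOW = datetime(2007, 10, 24, 12, 0, tzinfo=timezone.utc)
MAX_PWD_AGE = -42 * 86400 * 10**7    # assumed 42-day domain policy

def set_days_ago(days):
    """FILETIME value for a password set `days` before NOW."""
    return ((NOW - timedelta(days=days)) - FILETIME_EPOCH) // timedelta(microseconds=1) * 10

SAMPLE_USERS = [
    {"mail": "alice@example.test", "userAccountControl": 0x200, "pwdLastSet": set_days_ago(37)},
    {"mail": "bob@example.test", "userAccountControl": 0x200, "pwdLastSet": set_days_ago(10)},
    {"mail": "svc@example.test", "userAccountControl": 0x10200, "pwdLastSet": set_days_ago(39)},
    {"mail": "carol@example.test", "userAccountControl": 0x200, "pwdLastSet": 0},
    {"mail": "dave@example.test", "userAccountControl": 0x200, "pwdLastSet": set_days_ago(33)},
]
```

Run once a day, the date-based comparison gives each user one reminder per threshold; accounts that are already expired or flagged to change at next logon are left out because they can no longer log in to reach the password change page.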