ldap password expiry

Unanswered Question
Oct 24th, 2007

Hi,


We have an ASA5520 configured with SSL VPN and Windows AD LDAP authentication. Users can authenticate if their password has not expired. How can I configure it in such a way that the users are prompted to change their password when they connect through SSL?


Thanks,

Ed

Danilo Dy Wed, 10/24/2007 - 06:52

Hi Ed,


I haven't figured that out yet, but I have an alternative. I use this freely available utility to inform the user by email when their password is expiring in 9-5-3 days.


1. Script to notify users

http://www.windowsitpro.com/Article/ArticleID/46819/46819.html

http://www.windowsitpro.com/articles/download/rptpaswdchange.zip


2. Set up IISADMPWD in the AD server where the users can change their passwords after successful login. Search IISADMPWD in MS Knowledgebase. Please make a copy of the IISADMPWD directory out of Windows System directory to maybe drive D.


ITEM 1 running in Task Scheduler daily should send an email to the users telling them that their password is expiring 9-5-3 days later. To change, they have to successfully login first to access ITEM 2 using HTTPS (please).


You can be creative and create a nice email template for ITEM 1. Maybe use [email protected] sender email address pointing them to the URL in ITEM 2. ITEM 2 URL web page should be edited, you may put a note on password policy.


Regards,

Dandy
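
The date arithmetic behind a daily 9-5-3 day reminder job like ITEM 1, as an added example that is not part of the original post and is not the utility from the linked article. It assumes `pwdLastSet`, `userAccountControl` and the domain's `maxPwdAge` have already been read from AD; the accounts, the 42-day policy and the helper names are constructed.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICKS_PER_DAY = 86_400 * 10_000_000   # AD counts 100-ns ticks
DONT_EXPIRE_PASSWORD = 0x10000        # userAccountControl flags
ACCOUNTDISABLE = 0x0002
NOTIFY_DAYS = (9, 5, 3)               # reminder days from the post

def filetime_to_dt(ticks):
    """pwdLastSet is a count of 100-ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def days_left(user, max_pwd_age, now):
    """Whole days until expiry; None if the password never expires or the
    account is disabled; -1 if a change is already required."""
    if user["userAccountControl"] & (DONT_EXPIRE_PASSWORD | ACCOUNTDISABLE):
        return None
    if max_pwd_age in (0, -2**63):    # domain policy: no maximum age
        return None
    if user["pwdLastSet"] == 0:       # "must change password at next logon"
        return -1
    # maxPwdAge is stored on the domain object as a NEGATIVE tick count
    expires = filetime_to_dt(user["pwdLastSet"] - max_pwd_age)
    return max((expires - now).days, -1)

def users_to_notify(users, max_pwd_age, now):
    """(sAMAccountName, days) for accounts exactly 9, 5 or 3 days from expiry."""
    hits = []
    for u in users:
        d = days_left(u, max_pwd_age, now)
        if d in NOTIFY_DAYS:
            hits.append((u["sAMAccountName"], d))
    return hits

# Constructed sample data: 42-day policy, "now" fixed so the run is repeatable
NOW = datetime(2007, 10, 24, tzinfo=timezone.utc)
MAX_PWD_AGE = -42 * TICKS_PER_DAY
def _set_days_ago(n):
    return ((NOW - FILETIME_EPOCH).days - n) * TICKS_PER_DAY
SAMPLE_USERS = [
    {"sAMAccountName": "alice", "userAccountControl": 0x200, "pwdLastSet": _set_days_ago(33)},
    {"sAMAccountName": "bob", "userAccountControl": 0x200, "pwdLastSet": _set_days_ago(20)},
    {"sAMAccountName": "carol", "userAccountControl": 0x200, "pwdLastSet": _set_days_ago(39)},
    {"sAMAccountName": "svc", "userAccountControl": 0x10200, "pwdLastSet": _set_days_ago(39)},
    {"sAMAccountName": "dave", "userAccountControl": 0x200, "pwdLastSet": 0},
]
if __name__ == "__main__":
    for name, d in users_to_notify(SAMPLE_USERS, MAX_PWD_AGE, NOW):
        print(f"{name}: password expires in {d} days")
```

Accounts that return -1 are the ones the original question is about: they can no longer authenticate through the VPN, so a reminder email alone will not help them.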
