Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Re: Grace Logins LDAP and GW

149 views
Skip to first unread message

a...@novell.com

unread,
Aug 31, 2010, 3:21:11 PM8/31/10
to
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

First, a "grace login" is a login that happens AFTER a password is
expired. It is a way to help in situations where for some reason the end
user doesn't do what they should do and change their password BEFORE it
expires. Seen in this light the workaround is easy: notify users of
impending password expiration before that date arrives, and then yell at
them when they ignore those warnings for weeks on end. There are tools to
let you periodically (daily usually) check for upcoming expiration times
so that emails (if the e-mail attribute is populated properly in eDir,
which is likely is if you are using GroupWise) can be sent to the users
proactively. They then change passwords before the end date and all is well.

Does GW use LDAP? If it is configured for LDAP authentication then it
will but otherwise GW does not ever use LDAP. Many customers opt to use
LDAP authentication, though, as it makes life easier in most cases.

Google for the following for ways to notify users of expiring passwords:

password expiration notification site:novell.com

Good luck.

On 08/31/2010 01:06 PM, dschaldenovell wrote:
>
> We have a situation with Grace Logins, GroupWise and LDAP. Here is the
> situation as I know of it right now.
>
> When a user is faced with the screen telling them that their password
> is expired, they have the option to Cancel out of the prompt which
> informs them that they will be using Grace Logins, (4 Grace Logins left
> after the initial error message). next as the computer boots up it takes
> the user to their email, when they log into the email (Which uses LDAP
> Authentication at the post office level) they are informed that they
> need to change their password, and that they are unable to change the
> password from GroupWise (The customer only wishes to have users change
> their password at one location) thus the user cancels the password
> change window prompt, (it might pop-up a couple of times) at that point
> their Grace Logins have been used up and the next time that they log in
> they have used up grace Logins.
>
> Can some explain why GroupWise would be using up the Grace Logins, and
> what correlation there is between LDAP and GW?
>
> If memory serves, e-Directory understand what Grace Logins means, but
> LDAP does not, is that correct?
>
> DS
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJMfVYnAAoJEF+XTK08PnB5WfQQAKlSr8JbasxKFM/f79gJCDKh
63KB0htucp+6a4p02RLJSbel8Kf40LDPjdaOUuz2+Z8bCb67hVVKgk7DgWpUV9BC
M6iRRPFZAa57pJXGb0rvIL7Zb/Suoe/bgGm/C7SEQHma8A5RBl5toecB3KDpBHLR
BS6CE2+4URlWAQ+RVHlqARjg6ToWA3csv2vYs3D4MDwIpVCzfK2ndJxrfVIeDEcn
yQ7+Qg9z6M9+bHQOu6xeQ7oYNthMYsAhoH2kxtvgPiMOPAd+bmGkIQTyq4qDJfLw
Bv5CMORiA6EorsbD/nnM6gF+0T8woCc5QmbxKwaPV+Rdks823Cue7/NoZW4RdUGe
xgsIFHTPtBn594SdCbDCcHytpRjBb/+ECjbuqMx/1S3tGiqcXzV4oUDSmARWmdKt
yR38clQJJ+9LcA4FSkuLkP2DfO3Lz272w/LcDl8HvAsu+Ju0BTMIFtX0qOVan0ke
Z+M+zheE+vUd/BH4tmLaiKtdWNCnN1V7fTndAyNd7SS7aX7vyKGGMDjwuVhv9yr2
3teKDNYoyaxBnVmv7+tBbRXxhM+Q2+fYe93TAZnvNkAMpqto1MO/a16VzRiwo4j5
j8QvOQjVmm+PgK08ljsNvXEs1S7j8pbbLT6Pq6e1tfmFa//BT3px4cA83cxzJTIT
VcNkjrGiO1cVOMYOY+n7
=wi/l
-----END PGP SIGNATURE-----

Edward van der Maas

unread,
Aug 31, 2010, 8:09:24 PM8/31/10
to
Edward van der Maas wrote:


> With GroupWise you can either do a bind or a compare to the LDAP
> server. When using a bind it means a grace login will be consumer
> after that password has expired. When you do a compare the grace
> login will not be used.

Forget to say, the default behaviour is 'bind'

--
Cheers,
Edward

Edward van der Maas

unread,
Aug 31, 2010, 8:08:57 PM8/31/10
to
dschaldenovell wrote:

>
> We have a situation with Grace Logins, GroupWise and LDAP. Here is
> the situation as I know of it right now.
>
> When a user is faced with the screen telling them that their password
> is expired, they have the option to Cancel out of the prompt which
> informs them that they will be using Grace Logins, (4 Grace Logins
> left after the initial error message). next as the computer boots up
> it takes the user to their email, when they log into the email (Which
> uses LDAP Authentication at the post office level) they are informed
> that they need to change their password, and that they are unable to
> change the password from GroupWise (The customer only wishes to have
> users change their password at one location) thus the user cancels
> the password change window prompt, (it might pop-up a couple of
> times) at that point their Grace Logins have been used up and the
> next time that they log in they have used up grace Logins.
>
> Can some explain why GroupWise would be using up the Grace Logins, and
> what correlation there is between LDAP and GW?

With GroupWise you can either do a bind or a compare to the LDAP


server. When using a bind it means a grace login will be consumer after
that password has expired. When you do a compare the grace login will
not be used.


--
Cheers,
Edward

0 new messages