如何区分 ldap 中的锁,是某些管理员用户手动锁定还是由于密码尝试错误?
[英]How to distinguish the lock in ldap, whether it is locked manually by some admin user or is it due to incorrect password attempts?
问题描述
I have a requirement that user account will be locked if user tries with multiple incorrect password and alternatively admin can also lock the account, for incorrect pwd attempts I can use the attribute "pwdAccountLockedTime" but is there any recommendation for the admin lock?
我有一个要求,如果用户尝试使用多个不正确的密码,用户帐户将被锁定,或者管理员也可以锁定帐户,对于不正确的 pwd 尝试,我可以使用属性“pwdAccountLockedTime”,但对管理员锁定有什么建议吗?
1 个解决方案
解决方案1
1 2022-08-30 07:55:01
Generally, depending on your schema and password Policy, and as used within the popular slapo-ppolicy - Password Policy overlay and as defined in the " Draft-behera-ldap-password-policy "通常,取决于您的架构和密码策略,并在流行的 slapo-ppolicy - 密码策略覆盖中使用,并在“ Draft-behera-ldap-password-policy ”中定义
pwdAccountLockedTime
This attribute contains the time that the user's account was locked.
If the account has been locked, the password may no longer be used to
authenticate the user to the directory. If pwdAccountLockedTime is set
to 000001010000Z, the user's account has been permanently locked and
may only be unlocked by an administrator.
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.