> cool solutions home   > cool tools home
LDAP Expired Password
LDAP tool for determining remaining Grace Logins.
Reader Rating    from ratings rate this article
View a Printer Friendly Version of this Page Send this page to a friend
Posted: 26 Oct 2004
File Size: 112KB
License: GPL
Download 1:  Grace Remaining.sh & Password Expire.app (for Mac OS X)
Publisher: Randy Saeks
E-mail: rsaeks@TAKETHISOUTglenbrook.k12.il.us
Please read the note from our friends in legal before using this file.

When logging in via LDAP though eDirectory, certain machines will not know if the users password has expired. This is a program that will query the LDAP server for a value, then if it is below the grace logins, alert the user.

To use this program, the machine it is installed on must be configured for LDAP authentication. On the LDAP Server Group, create an LDAP mapping to the eDirectory Login Grace remaining. This will the attribute that will be searched. In the Grace Remaining - template.sh file, there are comments for you to put in the information that is specific to your setup. This includes the LDAP server, uid LDAP mapping, log path, Application / Script to run, grace login set point and others.

This script is best run as a LoginHook or with another script at login. The template, working example for my setup, Executable program, as well as the Source for the program are included and commented. The Program is an XCode project, which can be installed on any Mac OS X machine. This allows for the program to be edited and tweaked for a setup that will work well for users.

The ZIP file includes the template, as well as the working configuration that is used at my workplace. I also included the Password Expire Application and the XCode source.