EJB programming & troubleshooting: Websphere Portal need to use Grace_Login from AD
I have a problem: when users of the Websphere Portal dont change their password before it expirces (dumb users) they cannot login. I have found that there is a field in AD called Grace_Login which will allow a users with an expired password to login X times where X is the value of grace_login. My question is how do I make WPS make use of it, when all I can see is going on when a user logs in is:
- Posted by: Dag Nattland
- Posted on: September 30 2005 10:23 EDT
<form method="POST" autocomplete="off" action='<wps:url command="LoginUser" />' enctype="application/x-www-form-urlencoded" name="LoginPage">
Hope for a clever and as effort less as possible solution!
Is there nobody that knows anything about the websphere Portal login module?
I really doubt it knows all about the grace login period.. I believe that it only does an Ldap BIND, or an LDAP search, then password compare and nothing more (hence it doesn't care about the grace_login attribute).
If active directory still allows you to do a bind of the user, or an ldapsearch/password compare even when the password has expired (up to the grace period time) - then you can easily add additional rules by extending LoginUserAuth.
yes you are right, however GraceLoginsAllowed is an Active Directory Service Interface accessable through IADsUser property and not available as an AD attribute. Does this mean that the grace login functionality still will be supported by AD or must it be programmed or is it only available through VB or C?
AD is not able to use GraceLoginsAllowed as it is only available in AD service Interface (ADSI), http://chineseinnorthamerica.com/technical/active%20directory/adsi%20ldap%20user%20management.html and I dont think ADSI is supported by WPS.
Is it not normal functionality to be able to login with an AD user even when the passord has expired? The user should be able to login to WPM even when the password has expired.