Mailing List CGatePro@mail.stalker.com Message #97282
From: <quinton.wells@ba.com>
Subject: Re: Password enforcement with external LDAP
Date: Fri, 20 Feb 2009 15:30:18 +0000
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
X-Mailer: Lotus Notes Release 7.0.2 September 26, 2006

Steven
I don't know whether our password 'solution' is 'out of the box' or developed 'in house', unfortunately.
We have a large number of 'applications', of which CGP is only one, that are protected by this password 'solution'.
Quinton

"CommuniGate Pro Discussions" <CGatePro@mail.stalker.com> wrote on 20/02/2009 15:22:05:

>
> Steven
> Here we do not use CGP passwords, we use external passwords via LDAP
> (I believe).
> The password is used to access our intranet, which then lets people
> through (to their CGP account) once they've authenticated.
> Password expiry/policy control etc is totally outside CGP.
> Quinton
>
> "CommuniGate Pro Discussions" <CGatePro@mail.stalker.com> wrote on
> 20/02/2009 14:10:08:
>
> > Hello all. I've been scouring the list archives for the last two
> > days, and I can't seem to find the answer I need. Forgive me if I
> > missed something that's already been posted.
> >  
> > Ok, my main goal with CGP is password policy, password aging, etc.
> > Here is what I have so far:
> >  
> > 1. External LDAP server with which I can authenticate to using
> > authLDAPnew.pl and enabling External Authentication under "Helpers".
> > My test account is set to not use CGP password, and allowed to use
> > external authentication. So far, this works perfectly. I am able to
> > log into web mail by authenticating to LDAP.
> > 2. I am using the password policy overlay on the LDAP server so I
> > can enforce password aging, etc.
> >  
> > I realized after getting this far that when I log in to my test
> > account via the web interface, I can no longer change my password.
> > It makes sense now after thinking about it, but this is where I'm
> > sort of stuck. It sort of defeats the purpose because I'll need my
> > customers to change their password every few months (not to mention
> > I'd like to test the policy from this account to ensure I can't use
> > simple passwords).
> >  
> > I assume that I need to set up some sort of web front end on the
> > LDAP box to facilitate password changes? Does anyone have any advice
> > on which direction I should head?
> >  
> > Thank you in advance,
> > - Steve


------------------------------------------------------------------------------------------------------------
Get the best from British Airways at ba.com
http://www.ba.com
--
This message is private and confidential and may also be legally privileged.  If you have received this message in error, please email it back to the sender and immediately permanently delete it from your computer system.  Please do not read, print, re-transmit, store or act in reliance on it or any attachments.

British Airways may monitor email traffic data and also the content of emails, where permitted by law, for the purposes of security and staff training and in order to prevent or detect unauthorised use of the British Airways email system.

Virus checking of emails (including attachments) is the responsibility of the recipient.

British Airways Plc is a public limited company registered in England and Wales.  Registered number: 1777777.  Registered office: Waterside, PO Box 365, Harmondsworth, West Drayton, Middlesex, England, UB7 0GB.

Additional terms and conditions are available on our website: www.ba.com
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster