You are not logged in. Please login or register.
iRedMail → iRedMail Support → Force Users to change password in 90 days???
http://www.iredmail.org/wiki/index.php? … in.90.Days
Any for LDAP??? Seems not shown in the wiki.
----
Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.
You can try OpenLDAP password policy overlay: ppolicy.
Reference:
http://www.openldap.org/doc/admin24/ove … figuration
Roundcube will store password last change date in OpenLDAP by default since iRedMail-0.7.0, personally, i think a simple cron job is easier:
- Create a script to query OpenLDAP server, get list of users which didn't change password or is about to expire in 7 days.
- Send notification emails to these users, ask them to change password in time.
If you want to force users to change password after password expired:
- Create a script to query OpenLDAP server, get list of users which didn't change password or is about to expire in 7 days.
- Send notification emails to these users, ask them to change password in time.
- If password expired, store a special value in user objects. For example, enabledService=pwdexpired, or enabledService=forcechpwd, etc.
- Add addition LDAP query (query added special value) in Postfix like MySQL solution you mentioned in post, force them to change password while they trying sending out emails via SMTP service. Users can still fetch mails via POP3/IMAP this way.
After apply ppolicy on ldap, do i need to apply roundcube also? And will it apply to the iredadmin also??
About the roundcube. should I update the latest roundcube to make it save on ldap by default. Please advise. Thanks.
After apply ppolicy on ldap, do i need to apply roundcube also? And will it apply to the iredadmin also??
You HAVE TO config Roundcube to store password last change date in OpenLDAP, so that ppolicy overlay can read it.
About the roundcube. should I update the latest roundcube to make it save on ldap by default.
iRedMail supports this feature since iRedMail-0.7.0, reference: http://iredmail.org/wiki/index.php?titl … .6.1-0.7.0 (Search Roundcube in this upgrade tutorial)
Not sure the version of Roundcube you used support this feature, please check its config file (roundcubemail-x.y.z/plugins/password/config.inc.php) to verify it. If it doesn't support this feature, you'd better upgrade Roundcube manually.
Thanks Michael.
The $rcmail_config['password_ldap_lchattr'] = 'shadowLastChange'; required upgrade roundcube mail to newer version. For old version of iredmail pro 1.3 on RHEL, it need to upgrade the php from 5.1X to 5.2 first. For 5.2 php, phpldapadmin from
From
protected function draw_dn($dn,$level=0,$first_child=true,$last_child=true) {
To
protected function draw_dn($dn,$level,$first_child=true,$last_child=true) {
The address format is int time() / 86400 = 5 digits int store in shadowLastChange.
But I have a question. If the password change from iredadmin, how can we save to shadowLastChange? Any idea? please advise. Thanks.
The address format is int time() / 86400 = 5 digits int store in shadowLastChange.
That's correct. The integer number is number of days since Jan 01, 1970.
But I have a question. If the password change from iredadmin, how can we save to shadowLastChange? Any idea?
iRedAdmin-Pro-LDAP stores shadowLastChange after resetting user password since version 1.5.0, store 'shadowLastChange=0' for newly created mail account since version 1.6.0.
iRedAdmin-Pro-MySQL will store password last change date in column mailbox.passwordlastchange in next release, version 1.3.1 (maybe 1.4.0).
iRedMail → iRedMail Support → Force Users to change password in 90 days???
Powered by PunBB, supported by Informer Technologies, Inc.
Currently installed 2 official extensions. Copyright © 2003–2010 PunBB.
Generated in 0.009 seconds (67% PHP - 33% DB) with 11 queries