
LDAP security policy enforcement

anup daware

16y

In my ASP.NET project we use LDAP for authentication purposes. I want to enforce the following security policies.

  1. Mandatory password change at the time of first login
  2. Mandatory password change after specific time

My question is: is there any way I can delegate this policy enforcement to the LDAP side, so that when a user tries to log in for the first time, LDAP throws some error code which signifies that this login is being used for the first time? Similarly, if the user has not changed the password for, say, one month, can LDAP throw some other kind of error code at the time of login to indicate this policy?

So basically, can LDAP enforce these policies and send the error code accordingly? Or does this information have to be maintained in the application logic only, using the database?

Thanks in advance,

Anup