| Key: |
QB-2749
|
| Type: |
Improvement
|
| Status: |
Resolved
|
| Resolution: |
Fixed
|
| Priority: |
Minor
|
| Assignee: |
Unassigned
|
| Reporter: |
Tim Earle
|
| Votes: |
0
|
| Watchers: |
0
|
|
If you were logged in you would be able to see more operations.
|
|
|
QuickBuild
Created: 27/Jun/16 12:05 PM
Updated: 13/Jan/17 02:02 PM
|
|
| Component/s: |
None
|
| Affects Version/s: |
6.1.12
|
| Fix Version/s: |
7.0.0
|
|
|
Original Estimate:
|
Unknown
|
Remaining Estimate:
|
Unknown
|
Time Spent:
|
Unknown
|
|
|
Most LDAP services provide the option to set an attribute for the password/account expiration date. Being able to embed a script into the User Search Filter field would allow the administrator to deny access to QB based on this field. An example using freeIPA for DS:
This:
(&(uid={0})(objectclass=inetorgperson))
Could Be:
(&(uid={0})(objectclass=inetorgperson)(krbPasswordExpiration>${util.formatDate(new Date(),"%Y%m%d%H%M%SZ")}))
An alternative approach would be to set the account or password expiration date via a helper field, similar to "User full name attribute" and "User email attribute."
Add a new field called "Password Expiration Date Attribute" that would receive "krbPasswordExpiration" in this case or a boolean attribute indicating if the account is locked or not.
|
|
Description
|
Most LDAP services provide the option to set an attribute for the password/account expiration date. Being able to embed a script into the User Search Filter field would allow the administrator to deny access to QB based on this field. An example using freeIPA for DS:
This:
(&(uid={0})(objectclass=inetorgperson))
Could Be:
(&(uid={0})(objectclass=inetorgperson)(krbPasswordExpiration>${util.formatDate(new Date(),"%Y%m%d%H%M%SZ")}))
An alternative approach would be to set the account or password expiration date via a helper field, similar to "User full name attribute" and "User email attribute."
Add a new field called "Password Expiration Date Attribute" that would receive "krbPasswordExpiration" in this case or a boolean attribute indicating if the account is locked or not. |
Show » |
|
allow embedding scripts on LDAP user filter