diff --git a/README.md b/README.md index bc8260ca26d3ca20cd909694c1ed566988c8d0a4..8f95b4a9a775bccda8ca3bc5218fb290c72d44c6 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,22 @@ -LDAP password expiry checker -============================ +# LDAP password expiry checker +LDAP Users must change their password regularly according to the password policy. -LDAP Users must change their password regularly according to the password -policy. +When the old password isn't valid anymore but hasn't been changed yet, there's a grace period of six logins before the account is suspended. The plugin shows a reminder before password expiration and another reminder if only less than six logins remain before account suspension because of password expiration. -When the old password isn't valid anymore but hasn't been changed yet, there's -a grace period of six logins before the account is suspended. The plugin shows -a reminder before password expiration and another reminder if only less than -six logins remain before account suspension because of password expiration. +##Configuration +The Plugin provides six entries in Stud.IP global configuration, all in the section 'ldappasswordexpiryplugin': +- *LDAPPASSWORDEXPIRYPLUGIN_AUTHPLUGINS* + Comma-separated list of Stud.IP auth plugins that shall be monitored by this plugin. +- *LDAPPASSWORDEXPIRYPLUGIN_GRACELOGINATTRIBUTE* + Name of the LDAP attribute that is used for storing how many grace logins remain until the account is suspended after password expiration. Leave empty if not applicable. + Default is "loginGraceRemaining". +- *LDAPPASSWORDEXPIRYPLUGIN_LOGINLIMITATTRIBUTE* + Name of the LDAP attribute that stores the number of grace logins a user has after password expiration. Leave empty if not applicable. + Default is "loginGraceLimit". +- *LDAPPASSWORDEXPIRYPLUGIN_PASSWORDCHANGEURL* + URL of a website where users can change their current password. Leave empty if not applicable. +- *LDAPPASSWORDEXPIRYPLUGIN_PASSWORDEXPIRYATTRIBUTE* + Name of the LDAP attribute that shows the password expiry date. +- *LDAPPASSWORDEXPIRYPLUGIN_WARNINGDAYSBEFORE* + How many days before password expiration shall the warning message appear? + Default is 7 (one week).