I created a VB script that runs every morning against my LDAP and emails
users with notices at 20, 15, 10, 5, 4, 3, 2, 1, and Today intervals. I
hope that will reduce the calls to the help desk. I am afraid I will not
know until classes start up again as I am sure many will not check their
email over the summer. However, I may get a little insight as the next
instance from the last 90 day flux is about 6 weeks away still. . .

 
 
Thanks
 
 
 
Chris 
___________________________________ 
 
Chris Healey 
Capital University 
Office of Information Technology 
1 College and Main 
Columbus, OH 43209-2394 
614-236-6964 
Email:  [log in to unmask] 
___________________________________
 
"We are what we repeatedly do. Excellence,
then, is not an act, but a habit." 
-Aristotle 
___________________________________
 

-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[log in to unmask]] On Behalf Of Isabelle Graham
Sent: Tuesday, May 06, 2008 10:37 AM
To: [log in to unmask]
Subject: Agent notification for LDAP password expiration

We are looking at developing a way to have the CCA Agent notify users at
log in of eminent password
expiration. Out authentication mechanism is LDAP and we have LDAP
attributes for password expiration
date and number of remaining grace logins. However, given the limited
boolean actions available for 
LDAP attributes, I don't see a way to have the warning only appear, say,
when the user's
password will expire in the next 7 days or the grace logins are below 5.
Has anyone else done
something similar? Any insight is appreciated.

Thanks!

-- 
Isabelle Graham
Information Security
American University