Improvements for the accounts class

Lars_Kneschke-2 2008-02-20 06:10:05 UTC #1

I’m currently improving the Tine 2.0 SQL accounts class which is directly
modeled after the accounts class from eGW 1.x. While thinking about the
current implementation I discovered some things I would like to improve.

1.) If an account is able to change his password or not, is stored in the
preferences table. I will move this information to the accounts table. This
way we can implement the same feature also for the ldap accounts backend, to
be compatible with the shadow objectclass.

2.) Currently the login failures get logged to the egw_accesslog table.
That’s ok. But this information is also used to detect if an account is
blocked, because of to much login failures. If you want to unblock an
blocked account, you need to delete the rows from the egw_accesslog table.
This makes it really tough for a normal admin to remove the blocking. I will
extend the egw_accounts table to have a timestamp until when an account is
blocked. This way we can easily check if an account is blocked and also
easily remove this blocking.

3.) Expire passwords. I’ll also extend the egw_accounts table to handle
expire informations for passwords. This has also something todo with topic
1.) This way we will be able to define after which time an user CAN change
his password(maybe never) and until which time an user NEEDS to change his
password(maybe now).

After I have implemented it for the Tine 2.0 codebase, it could also be
implemented in the eGW 1.x codeline. Maybe these are good topics where we
can start trying to work togehter, as both projects will benefit from these
changes.

Lars Kneschke
CTO OfficeSpot.Net
Metaways Infosystems GmbH
Pickhuben 2-4, D-20457 Hamburg

eGroupWare Support: http://www.egroupware-support.net
OfficeSpot.Net Collaboration Server: http://cs.officespot.net
our ideas for eGroupWare: http://www.tine20.org

E-Mail: mailto:l.kneschke@metaways.de
Web: http://www.metaways.de
Tel: +49 (0)40 317031-21
Fax: +49 (0)40 317031-921
Mobile: +49 (0)175 9304324

Metaways Infosystems GmbH - Sitz: D-22967 Tremsbüttel
Handelsregister: Amtsgericht Ahrensburg HRB 4508
Geschäftsführung: Hermann Thaele, Lüder-H.Thaele

Nathan_Gray-2 2008-02-20 15:19:49 UTC #2

…
2.) Currently the login failures get logged to the egw_accesslog
table. That’s ok. But this information is also used to detect if an
account is blocked, because of to much login failures. If you want
to unblock an blocked account, you need to delete the rows from the
egw_accesslog table. This makes it really tough for a normal admin
to remove the blocking. I will extend the egw_accounts table to have
a timestamp until when an account is blocked. This way we can easily
check if an account is blocked and also easily remove this blocking.

Can you also put the reason somewhere? There have been times I want
to manually block a person.
“This account has been blocked for 1 hour. Use this time to read the
manual.”

3.) Expire passwords. I’ll also extend the egw_accounts table to
handle expire informations for passwords. This has also something
todo with topic 1.) This way we will be able to define after which
time an user CAN change his password(maybe never) and until which
time an user NEEDS to change his password(maybe now).

That would be nice as well.

Nathan Gray
nathan at goarctic dot com

Extra punctuation??? Ug!!!
Just say no! Punctuation marks do not gain significance if you
increase their number, they make you look silly. One is sufficient.

This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft® Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/

eGroupWare-developers mailing list
eGroupWare-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/egroupware-developers

Lars_Kneschke-2 2008-02-20 15:23:18 UTC #3

“Nathan Gray” nathan@goarctic.com schrieb:

…
2.) Currently the login failures get logged to the egw_accesslog
table. That’s ok. But this information is also used to detect if an
account is blocked, because of to much login failures. If you want
to unblock an blocked account, you need to delete the rows from the
egw_accesslog table. This makes it really tough for a normal admin
to remove the blocking. I will extend the egw_accounts table to have
a timestamp until when an account is blocked. This way we can easily
check if an account is blocked and also easily remove this blocking.

Can you also put the reason somewhere? There have been times I want
to manually block a person.
“This account has been blocked for 1 hour. Use this time to read the
manual.”

Good idea!

I thought about adding a description field to accounts in general.
Descriptions are supported by LDAP to.

Would that fulfil your requirement too?

–
Lars Kneschke
CTO OfficeSpot.Net
Metaways Infosystems GmbH
Pickhuben 2-4, D-20457 Hamburg

eGroupWare Support: http://www.egroupware-support.net
OfficeSpot.Net Collaboration Server: http://cs.officespot.net
our ideas for eGroupWare: http://www.tine20.org

E-Mail: mailto:l.kneschke@metaways.de
Web: http://www.metaways.de
Tel: +49 (0)40 317031-21
Fax: +49 (0)40 317031-921
Mobile: +49 (0)175 9304324

Metaways Infosystems GmbH - Sitz: D-22967 Tremsbüttel
Handelsregister: Amtsgericht Ahrensburg HRB 4508
Geschäftsführung: Hermann Thaele, Lüder-H.Thaele

This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft® Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/

eGroupWare-developers mailing list
eGroupWare-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/egroupware-developers