asp.net pdf reader : Change font size in pdf text box SDK application API wpf html azure sharepoint j-sa-sslvpn-7.1-adminguide19-part736

NT4GroupLookupRequirements
TheSASeriesSSLVPNAppliancesupportsgrouplookupintheDomainLocalandDomain
Globalgroupscreatedinthedefaultdomain,aswellasallchild,andothertrusted
domains.TheSASeriesSSLVPNApplianceobtainsDomainGlobalgroupinformation
fromtheuser’ssecuritycontext,andDomainLocalinformationusingRPCcalls.TheSA
SeriesSSLVPNApplianceusesnoLDAP-basedsearchcallsintheNT4environment.
Related
Documentation
UsingActiveDirectoryorNTDomainsonpage149
CertificateServer
Thecertificateserverfeatureallowsuserstoauthenticatebasedonattributescontained
inclient-sidecertificates.Youmayusecertificateserverbyitselforinconjunctionwith
anotherservertoauthenticateusersandmapthemtoroles.
Forexample,youmaychoosetoauthenticateuserssolelybasedontheircertificate
attributes.IftheSAdeterminesthattheuser’scertificateisvalid,itsignstheuserinbased
onthecertificateattributesyouspecifyanddoesnotprompttheusertoenterausername
orpassword.
Or,youmaychoosetoauthenticateusersbypassingtheirclient-sidecertificateattributes
toasecondauthenticationserver(suchasLDAP).Inthisscenario,thecertificateserver
firstdeterminesiftheuser’scertificateisvalid.Then,theSASeriesAppliancecanuse
realm-levelrole-mappingrulestocomparethecertificateattributeswiththeuser’sLDAP
attributes.Ifitcannotfindthepropermatch,theSASeriesAppliancecandenyorlimit
theuser’saccessbasedonyourspecifications.
NOTE: Whenusingclient-sidecertificates,westronglyrecommendthatyou
trainyourend-userstoclosetheirWebbrowsersaftersigningoutoftheSA
SeriesAppliance.Iftheydonot,otherusersmaybeabletousetheiropen
browsersessionstoaccesscertificate-protectedresourcesontheSASeries
Appliancewithoutre-authenticating.(Afterloadingaclient-sidecertificate,
bothInternetExplorerandNetscapecachethecertificate’scredentialsand
privatekey.Thebrowserskeepthisinformationcacheduntiltheusercloses
thebrowser(orinsomecases,untiltheuserrebootstheworkstation).For
details,see:http://support.microsoft.com/?kbid=290345.)Toremindusers
toclosetheirbrowsers,youmaymodifythesignoutmessageinthe
Authentication>Authentication>SigningInPagestab.
Related
Documentation
ConfiguringUserSignInPoliciesonpage242
ConfiguringaCertificateServerInstanceonpage156
TaskSummary:ConfiguringAuthenticationServersonpage143
155
Copyright©2012,JuniperNetworks,Inc.
Chapter8:AuthenticationandDirectoryServers
Change font size in pdf text box - Compress reduce PDF size in C#.net, ASP.NET, MVC, Ajax, WinForms, WPF
C# Code & .NET API to Compress & Decompress PDF Document
change font size pdf form reader; compress pdf
Change font size in pdf text box - VB.NET PDF File Compress Library: Compress reduce PDF size in vb.net, ASP.NET, MVC, Ajax, WinForms, WPF
VB.NET PDF Document Compression and Decompression Control SDK
pdf page size limit; reduce pdf file size
ConfiguringaCertificateServerInstance
WhendefiningacertificateserverontheSA,youmustperformthefollowingsteps:
1.
UsesettingsintheSystem>Configuration>Certificates>CACertificatestabto
importtheCAcertificateusedtosigntheclient-sidecertificates.
2.
Createacertificateserverinstance:
a.
NavigatetoAuthentication>Auth.Servers.
b.
SelectCertificateServerfromtheNewlist,andthenclickNewServer.
c.
Specifyanametoidentifytheserverinstance.
d.
IntheUserNameTemplatefield,specifyhowtheSAshouldconstructausername.
Youmayuseanycombinationofcertificatevariablescontainedinanglebrackets
andplaintext.
NOTE: Ifyouchooseacertificateattributewithmorethanonevalue,
theSAusesthefirstmatchedvalue.Forexample,ifyou
enter<certDN.OU>andtheuserhastwovaluesfortheattribute
(ou=management,ou=sales),theSAusesthe“management”value.
Touseallvalues,addtheSEPattributetothevariable.Forexample,
ifyouenter<certDN.OUTSEP=”:”>theSAuses“management:sales”.
e.
ClickSaveChanges.Ifyouarecreatingtheserverinstanceforthefirsttime,the
SettingsandUserstabsappear.
3.
IfyouwanttoverifycertificateattributesagainstanLDAPserver,usesettingsinthe
Authentication>Auth.ServerspagetocreateanLDAPserverinstance.Notethatyou
mustusetheFindinguserentriessectionintheLDAPconfigurationpagetoretrieve
theuser-specificattributesthatyouwantverifythroughthecertificate.
4.
UsesettingsintheUsers>UserRealms>RealmName>GeneraltaborAdministrators
>AdminRealms>RealmName>Generaltabtospecifywhichrealmsshouldusethe
certificateservertoauthenticateusers.(Youmayalsousesettingsinthesetabsto
specifyrealmsthatshoulduseanLDAPservertoverifycertificateattributes.)
5.
UsesettingsintheAuthentication>Authentication>SigningInPoliciespageto
associatetherealmsconfiguredinthepreviousstepwithindividualsign-inURLs.
Related
Documentation
SpecifyingClient-sideCertificateRestrictionsonpage743
CertificateServeronpage155
UsingSystemVariablesinRealms,Roles,andResourcePoliciesonpage1022
Copyright©2012,JuniperNetworks,Inc.
156
JunosPulseSecureAccessServiceAdministrationGuide
C# PDF Text Box Edit Library: add, delete, update PDF text box in
Support to change font color in PDF text box. Ability to change text size in PDF text box. Adding text box is another way to add text to PDF page.
change font size fillable pdf; apple compress pdf
C# PDF Sticky Note Library: add, delete, update PDF note in C#.net
Allow users to add comments online in ASPX webpage. Able to change font size in PDF comment box. Able to save and print sticky notes in PDF file.
pdf file compression; pdf form change font size
UsinganLDAPServer
TheSASeriesSSLVPNAppliancesupportstwoLDAP-specificauthenticationoptions:
Unencrypted—inwhichtheSASeriesSSLVPNAppliancesendstheusernameand
passwordtotheLDAPDirectoryServiceinclear,simpletext.
LDAPS—inwhichtheSASeriesSSLVPNApplianceencryptsthedataintheLDAP
authenticationsessionusingSecureSocketLayer(SSL)protocolbeforesendingitto
theLDAPDirectoryService.
TheSASeriesSSLVPNApplianceperformssubstantialinputvalidationforthefollowing
items:
LDAPServer—TheSASeriesSSLVPNApplianceprovidesawarningiftheserveris
notreachable.
LDAPPort—TheSASeriesSSLVPNApplianceprovidesawarningiftheLDAPserver
isnotreachable.
Administratorcredentials—TheSASeriesSSLVPNAppliancegeneratesanerrorif
theverificationofadmincredentialsfails.
BaseDNforusers—TheSASeriesSSLVPNAppliancegeneratesanerrorifthe
base-levelsearchontheBaseDNvaluefails.
BaseDNforgroups—TheSASeriesSSLVPNAppliancegeneratesanerrorifthe
baselevelsearchontheBaseDNvaluefails.
Related
Documentation
TaskSummary:ConfiguringAuthenticationServersonpage143
DefininganLDAPServerInstanceonpage157
EnablingLDAPPasswordManagementonpage160
DefininganLDAPServerInstance
TodefineanLDAPserverinstance:
1.
Intheadminconsole,selectAuthentication>Auth.Servers.
2.
Dooneofthefollowing:
TocreateanewserverinstanceontheSASeriesSSLVPNAppliance,selectLDAP
ServerfromtheNewlistandthenclickNewServer.
Toupdateanexistingserverinstance,clicktheappropriatelinkinthe
Authentication/AuthorizationServerslist.
3.
Specifyanametoidentifytheserverinstance.
4.
SpecifythenameorIPaddressoftheLDAPserverthattheSASeriesSSLVPN
Applianceusestovalidateyourusers.
157
Copyright©2012,JuniperNetworks,Inc.
Chapter8:AuthenticationandDirectoryServers
C# PDF Field Edit Library: insert, delete, update pdf form field
Support to change font size in PDF form. RasterEdge.Imaging.Font.dll. pdf"; String outputFilePath = Program.RootPath + "\\" Output.pdf"; List<BaseFormField
adjust size of pdf; best online pdf compressor
C# PDF Annotate Library: Draw, edit PDF annotation, markups in C#.
Support to add text, text box, text field and crop marks to PDF document. Able to edit and change PDF annotation properties such as font size or color.
change font size pdf comment box; change font size in pdf form
5.
SpecifytheportonwhichtheLDAPserverlistens.Thisportistypically389whenusing
anunencryptedconnectionand636whenusingSSL.
6.
SpecifyparametersforbackupLDAPservers(optional).TheSASeriesSSLVPN
Applianceusesthespecifiedserversforfailoverprocessing;eachauthentication
requestisfirstroutedtotheprimaryLDAPserverandthentothespecifiedbackup
server(s)iftheprimaryserverisunreachable.
NOTE: BackupLDAPserversmustbethesameversionastheprimary
LDAPserver.Also,werecommendthatyouspecifytheIPaddressofa
backupLDAPserverinsteadofitshostname,whichmayacceleratefailover
processingbyeliminatingtheneedtoresolvethehostnametoanIP
address.
7.
SpecifythetypeofLDAPserverthatyouwanttoauthenticateusersagainst.
8.
SpecifywhetherornottheconnectionbetweentheSASeriesSSLVPNAppliance
andLDAPDirectoryServiceshouldbeunencrypted,useSSL(LDAPs),orshoulduse
TLS.
9.
SpecifyhowlongyouwanttheSASeriesSSLVPNAppliancetowaitforaconnection
totheprimaryLDAPserverfirst,andtheneachbackupLDAPserverinturn.
10.
SpecifyhowlongyouwanttheSASeriesSSLVPNAppliancetowaitforsearchresults
fromaconnectedLDAPserver.
11.
ClickTestConnectiontoverifytheconnectionbetweentheSASeriesSSLVPN
ApplianceandthespecifiedLDAPserver(s).(optional)
12.
SelecttheAuthenticationrequired?checkboxiftheSASeriesSSLVPNAppliance
needstoauthenticateagainsttheLDAPdirectorytoperformasearchortochange
passwordsusingthepasswordmanagementfeature.Then,enteranadministrator
DNandpassword.
Forexample:<CN=Administrator,CN=Users,DC=eng,DC=Juniper,DC=com>
13.
UnderFindinguserentries,specifya:
BaseDNatwhichtobeginsearchingforuserentries.Forexample:
<DC=eng,DC=Juniper,DC=com>
14.
Filterifyouwanttofine-tunethesearch.Forexample:
<samAccountname=<username>or<cn=<username>>
Include<username>inthefiltertousetheusernameenteredonthesign-inpage
forthesearch.
Specifyafilterthatreturns0or1userDNsperuser;theSASeriesSSLVPNAppliance
usesthefirstDNreturnedifmorethan1DNisreturned.
15.
TheSASeriesSSLVPNAppliancesupportsbothstaticanddynamicgroups.(Note
thattheSASeriesSSLVPNApplianceonlysupportsdynamicgroupswithLDAP
servers.)Toenablegrouplookup,youneedtospecifyhowtheSASeriesSSLVPN
Copyright©2012,JuniperNetworks,Inc.
158
JunosPulseSecureAccessServiceAdministrationGuide
C# PDF insert text Library: insert text into PDF content in C#.net
Powerful .NET PDF edit control allows modify existing scanned PDF text. Ability to change text font, color, size and location and output a new PDF document.
change font size pdf text box; acrobat compress pdf
VB.NET PDF insert text library: insert text into PDF content in vb
Save text font, color, size and location changes to Other robust text processing features, like delete and remove PDF text, add PDF text box and field.
change file size of pdf; pdf page size
AppliancesearchestheLDAPserverforagroup.UnderDetermininggroupmembership,
specifya:
BaseDNatwhichtobeginsearchingforusergroups.
Filterifyouwanttofine-tunethesearchforausergroup.
MemberAttributetoidentifyallthemembersofastaticgroup.Forexample:
<member>
<uniquemember(iPlanet-specific)>
Reversegroupsearchtostartthesearchfromthememberinsteadofthegroup.
ThisoptionisavailableonlyforActiveDirectoryservertypes.
QueryAttributetospecifyanLDAPquerythatreturnsthemembersofadynamic
group.Forexample:
<memberURL>
NestedGroupLeveltospecifyhowmanylevelswithinagrouptosearchforthe
user.Notethatthehigherthenumber,thelongerthequerytime,sowerecommend
thatyouspecifytoperformthesearchnomorethan2levelsdeep.
NestedGroupSearchtosearchby:
NestedgroupsintheLDAPServerCatalog.Thisoptionisfasterbecauseitcan
searchwithintheimplicitboundariesofthenestedgroup.
Searchallnestedgroups.Withthisoption,theSASeriesSSLVPNAppliance
searchestheServerCatalogfirst.IftheSASeriesSSLVPNAppliancefindsno
matchinthecatalog,thenitqueriesLDAPtodetermineifagroupmemberisa
sub-group.
NOTE: BecausetheSASeriesSSLVPNAppliancelooksintheServer
Catalogtodetermineifamemberofaparentgroupisauserobjector
groupobject,youmustaddboththeparentandallchild(nested)groups
totheServerCatalog.
16.
UnderBindOptions,select:
Simplebindtosendauser’scredentialsintheclear(noencryption)totheLDAP
DirectoryService.
StartTLSbindtoencryptauser’scredentialsusingtheTransportLayerSecurity
(TLS)protocolbeforetheSASeriesSSLVPNAppliancesendsthedatatotheLDAP
DirectoryService.
17.
ClickSaveChanges.Ifyouarecreatingtheserverinstanceforthefirsttime,the
SettingsandUserstabsappear.
18.
Specifywhichrealmsshouldusetheservertoauthenticateandauthorize
administratorsandusers.
159
Copyright©2012,JuniperNetworks,Inc.
Chapter8:AuthenticationandDirectoryServers
C# PDF Convert to Word SDK: Convert PDF to Word library in C#.net
PDF document, keeps the elements (like images, tables and chats) of original PDF file and maintains the original text style (including font, size, color, links
adjust pdf size; adjust size of pdf in preview
VB.NET PDF delete text library: delete, remove text from PDF file
Functionality to remove text format by modifying text font, size, color, etc. Other PDF edit functionalities, like add PDF text, add PDF text box and field.
batch reduce pdf file size; pdf file size limit
NOTE: TheSASeriesSSLVPNAppliancesupportsreferralchasingifenabled
onyourLDAPserver.
Related
Documentation
UsingtheLDAPServerCatalogonpage233
UsinganLDAPServeronpage157
TaskSummary:ConfiguringAuthenticationServersonpage143
ConfiguringLDAPSearchAttributesforMeetingCreators
UseoptionsintheMeetingstabtospecifyindividualLDAPattributesthatameeting
creatormayusetosearchforSASeriesuserswhenschedulingameeting.
ToconfigureSecureMeetingsearchattributes:
1.
Intheadminconsole,chooseAuthentication>Auth.Servers.
2.
ChoosetheMeetingstab.
3.
IntheUserNamefield,entertheusernameattributeforthisserver.Forexample,enter
SamAccountNameforanActiveDirectoryserveroruidforaniPlanetserver.
4.
IntheEmailAddressfield,entertheemailattributeforthisserver.
5.
IntheDisplayName,Attributesfield,enteranyadditionalLDAPattributeswhose
contentsyouwanttoallowmeetingcreatorstoview(optional).(Forexample,tohelp
themeetingcreatoreasilydistinguishbetweenmultipleinviteeswiththesamename,
youmaywanttoexposeanattributethatidentifiesthedepartmentsofindividual
users.)Entertheadditionalattributesoneperlineusingtheformat:
DisplayName,AttributeName.Youmayenterupto10attributes.
6.
ClickSaveChanges.
Related
Documentation
JunosPulseCollaborationOverviewonpage603
EnablingLDAPPasswordManagement
TheSASeriespasswordmanagementfeatureenablesuserswhoauthenticatethrough
anLDAPservertomanagetheirpasswordsthroughtheSASeriesSSLVPNAppliance
usingthepoliciesdefinedontheLDAPserver.Forexample,ifausertriestosignintothe
SASeriesSSLVPNAppliancewithanLDAPpasswordthatisabouttoexpire,theSA
SeriesSSLVPNAppliancecatchestheexpiredpasswordnotification,presentsittothe
userthroughtheSASeriesinterface,andthenpassestheuser’sresponsebacktothe
LDAPserverwithoutrequiringtheusertosignintotheLDAPserverseparately.
Users,administrators,andhelpdeskadministratorswhoworkinenvironmentswhere
passwordshavesetexpirationtimesmayfindthepasswordmanagementfeaturevery
helpful.Whenusersarenotproperlyinformedthattheirpasswordsareabouttoexpire,
Copyright©2012,JuniperNetworks,Inc.
160
JunosPulseSecureAccessServiceAdministrationGuide
theycanchangethemthemselvesthroughtheSASeriesSSLVPNApplianceratherthan
callingtheHelpDesk.
Thepasswordmanagementfeatureenablesuserstochangetheirpasswordswhen
promptedoratwill.Forexample,duringthesign-inprocess,theSASeriesAppliance
mayinformtheuserthathispasswordisexpiredorabouttoexpire.Ifexpired,theSA
SeriesAppliancepromptstheusertochangehispassword.Ifthepasswordhasnot
expired,theSASeriesAppliancemayallowtheusertosignintotheSASeriesAppliance
usinghisexistingpassword.Afterhehassignedin,hemaychangehispasswordfrom
thePreferencespage.
Onceenabled,theSASeriesApplianceperformsaseriesofqueriestodetermineuser
accountinformation,suchaswhentheuser’spasswordwaslastset,ifhisaccountis
expired,andsoforth.TheSASeriesAppliancedoesthisbyusingitsinternalLDAPor
Sambaclient.Manyservers,suchasMicrosoftActiveDirectoryorSuniPlanet,offeran
AdministrativeConsoletoconfigureaccountandpasswordoptions.
TheSASeriesApplianceenforcespasswordpoliciesbyreadingpasswordattributesfrom
theLDAPserver.Therefore,forpasswordmanagementtoworkcorrectly,passwordpolicy
attributesonbackendserverneedtobeconfiguredproperly.
ForActiveDirectory,passwordpolicyattributescanbeconfiguredintheuserentry
containerleveloranyorganizationlevelabovetheusercontainer.Iftheseattributes
areconfiguredatmultiplelevels,thelevelclosesttotheusernodetakesprecedence.
TheSASeriesSSLVPNAppliancedoesnotsupportcustomizedpasswordpolicies.
ThepasswordmanagementfeatureisnotsupportedontheActiveDirectoryGlobal
CatalogbecausepasswordpolicyattributesarenotfullypopulatedontheActive
DirectoryGlobalCatalog.
TheSASeriesSSLVPNAppliancereliesonthebackendservertopinpointthecauseof
errorwhenapasswordchangeoperationfails.However,whileLDAPserversmayreport
errorsaccuratelytohumanoperators,theydonotalwaysdosowhencommunicating
programmaticallytosystemsliketheSASeriesSSLVPNAppliance.Therefore,reported
errorsmayattimesbegenericorcryptic.
EnablingLDAPPasswordManagement
Toenablepasswordmanagement,youmustfirstcreateaninstanceofthetLDAPserver.
Next,youassociatedtheLDAPserverwiththeapplicablerealms.Fnally,youselectthe
enablepasswordmanagementfeatureattherealmlevel.
SupportedLDAPDirectoriesandServers
TheSASeriesSSLVPNAppliancesupportspasswordmanagementwiththefollowing
LDAPdirectories:
MicrosoftActiveDirectory/WindowsNT
SuniPlanet
NovelleDirectory
161
Copyright©2012,JuniperNetworks,Inc.
Chapter8:AuthenticationandDirectoryServers
LDAP-basedPasswordManagementdoesnotworkongenericLDAPserverslike
OpenLDAP.
Additionally,theSASeriesSSLVPNAppliancesupportspasswordmanagementwith
thefollowingWindowsservers:
MicrosoftActiveDirectory
MicrosoftActiveDirectory2003
WindowsNT4.0
Thefollowingsectionslistspecificissuesrelatedtoindividualservertypes.
MicrosoftActiveDirectory
ChangesontheActiveDirectorydomainsecuritypolicymaytake5minutesormore
topropagateamongActiveDirectorydomaincontrollers.Additionally,thisinformation
doesnotpropagatetothedomaincontrolleronwhichitwasoriginallyconfiguredfor
thesametimeperiod.ThisisalimitationofActiveDirectory.
WhenchangingpasswordsinActiveDirectoryusingLDAP,theSASeriesSSLVPN
ApplianceautomaticallyswitchestoLDAPS,evenifLDAPSisnottheconfiguredLDAP
method.TosupportLDAPSontheActiveDirectoryserver,youmustinstallavalidSSL
certificateintotheserver’spersonalcertificatestore.Notethatthecertificatemustbe
signedbyatrustedCAandtheCNinthecertificate’sSubjectfieldmustcontainthe
exacthostnameoftheActiveDirectoryserver,forexample:adsrv1.company.com.To
installthecertificate,selecttheCertificatesSnap-InintheMicrosoftManagement
Console(MMC).
TheAccountExpiresoptionintheUserAccountPropertiestabonlychangeswhenthe
accountexpires,notwhenthepasswordexpires.MicrosoftActiveDirectorycalculates
thepasswordexpirationusingtheMaximumPasswordAgeandPasswordLastSet
valuesretrievedfromtheUserPolicyandDomainSecurityPolicyLDAPobjects.
Copyright©2012,JuniperNetworks,Inc.
162
JunosPulseSecureAccessServiceAdministrationGuide
SuniPlanet
WhenyouselecttheUsermustchangepasswordafterresetoptionontheiPlanet
server,youmustalsoresettheuser’spasswordbeforethisfunctiontakeseffect.This
isalimitationofiPlanet.
General
TheSASeriesSSLVPNApplianceonlydisplaysawarningaboutpasswordexpiryif
thepasswordisscheduledtoexpirein14daysorless.TheSASeriesSSLVPNAppliance
displaysthemessageduringeachSASeriessigninattempt.Thewarningmessage
containstheremainingnumberofdays,hours,andminutesthattheuserhastochange
hispasswordbeforeitexpiresontheserver.Thedefaultvalueis14days;however,you
maychangeitthroughtheAdministrators|Users>AdminRealms|UserRealms>
Authorization>Passwordconfigurationpageoftheadminconsole.
SupportedLDAPPasswordManagementFunctions
Thefollowingmatrixdescribesthepasswordmanagementfunctionssupportedby
JuniperNetworks,theircorrespondingfunctionnamesintheindividualLDAPdirectories,
andanyadditionalrelevantdetails.ThesefunctionsmustbesetthroughtheLDAP
serveritselfbeforetheSASeriesSSLVPNAppliancecanpassthecorresponding
messages,functions,andrestrictionstoend-users.
Table8:SupportedPasswordManagementFunctions
NovelleDirectory
iPlanet
ActiveDirectory
Function
userPassword
userPassword
unicodePwd
Authenticateuser
IfpasswordAllowChange
==TRUE
IfpasswordChange==ON
Servertellsusinbind
response(uses
ntSecurityDescriptor)
Allowusertochange
passwordifenabled
Yes
Yes
Yes
Logoutuserafter
passwordchange
IfpwdMustChange==
TRUE
IfpasswordMustChange==
ON
IfpwdLastSet==0
Forcepassword
changeatnextlogin
Checkdate/timevaluein
IfBindResponseincludes
OID
2.16.840.1.113730.3.4.4==
0
userAccountControl==
0x80000
Passwordexpired
notification
Ifnow()-
passwordExpirationTime<
14days
(theSASeriesSSLVPN
Appliancedisplayswarning
iflessthan14days)
IfBindResponseincludes
controlOID
2.16.840.1.113730.3.4.5
(containsdate/time)
(theSASeriesSSLVPN
Appliancedisplayswarning
iflessthan14days)
ifpwdLastSet-now()<
maxPwdAge-14days
(isreadfromdomain
attributes)
(theSASeriesSSLVPN
Appliancedisplayswarning
iflessthan14days)
Passwordexpiration
notification(inX
days/hours)
163
Copyright©2012,JuniperNetworks,Inc.
Chapter8:AuthenticationandDirectoryServers
Table8:SupportedPasswordManagementFunctions (continued)
NovelleDirectory
iPlanet
ActiveDirectory
Function
BindErrorCode:53
"AccountExpired"
BindErrorCode:53"Login
Lockout"
BindErrorCode:53
"AccountInactivated"
BindErrorCode:19"Exceed
PasswordRetryLimit"
userAccountControl==0x2
(Disabled)
accountExpires
userAccountControl==
0x10(Locked)
lockoutTime
Disallow
authenticationif
"account
disabled/locked
Servertellsusinbind
response
Servertellsusinbind
response
Servertellsusinbind
response
Honor"password
history"
Ifset,theSASeriesSSL
VPNAppliancedisplays
messagetellinguser
passwordMinimumLength
Ifset,theSASeriesSSL
VPNAppliancedisplays
messagetellinguser
passwordMinLength
Ifset,theSASeriesSSL
VPNAppliancedisplays
messagetellinguser
minPwdLength
Enforce"minimum
passwordlength"
Servertellsusinbind
response
IfpasswordMinAge>0,
thenifnow()isearlierthan
passwordAllowChangeTime,
thenwedisallow
IfpwdLastSet-now()<
minPwdAge,thenwe
disallow
Disallowuserfrom
changingpassword
toosoon
Servertellsusinbind
response
Servertellsusinbind
response
IfpwdProperties==0x1,
thenenabled.Complexity
meansthenewpassword
doesnotcontain
username,firstorlast
name,andmustcontain
charactersfrom3ofthe
following4categories:
Englishuppercase,English
lowercase,Digits,and
Non-alphabeticcharacters
(ex.!,$,%)
Honor"password
complexity"
AD/NTPasswordManagementMatrix
ThefollowingmatrixdescribesthePasswordManagementfunctionssupportedby
JuniperNetworks.
Table9:AD/NTPasswordManagementMatrix
WindowsNT
ActiveDirectory2003
ActiveDirectory
Function
Yes
Yes
Yes
Authenticateuser
Yes
Yes
Yes
Allowusertochangepasswordifenabled
Yes
Yes
Yes
Logoutuserafterpasswordchange
Yes
Yes
Yes
Forcepasswordchangeatnextlogin
Copyright©2012,JuniperNetworks,Inc.
164
JunosPulseSecureAccessServiceAdministrationGuide
Documents you may be interested
Documents you may be interested