201 |
How User Time Restrictions are Enforced
Administrators can place a time restriction on directory user accounts. Time restrictions limit the ability of the user to log in (authenticate) to the directory. Typically, time restrictions are enforced using the time at the directory server, but if the directory server is located in a different time zone or a replica in a different time zone is accessed, then time zone information from the managed object can be used to adjust for relative time.
The directory server evaluates user time restrictions, but the determination can be complicated by time zone changes or authentication mechanism.
User time restrictions are enforced by the directory server
User | Client | Directory | LOM | |
Workstation | Server | |||
|
|
11 | 12 1 | 11 | 12 1 | 11 | 12 1 | 11 | 12 1 | ||||
10 |
| 2 | 10 |
| 2 | 10 |
| 2 | 10 |
| 2 |
9 |
| 3 | 9 |
| 3 | 9 |
| 3 | 9 |
| 3 |
8 |
| 4 | 8 |
| 4 | 8 |
| 4 | 8 |
| 4 |
7 | 6 | 5 | 7 | 6 | 5 | 7 | 6 | 5 | 7 | 6 | 5 |
User Address Restrictions
Administrators can place network address restrictions on a directory user account, and these restrictions are enforced by the directory server. Refer to the directory service documentation for details on the enforcement of address restrictions on LDAP clients, such as a user logging in to a LOM device.