You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@directory.apache.org by Ca...@ibs-ag.com on 2012/05/02 16:21:00 UTC
Anyway to predetermine date/time a user is expired?
Hi, We've made a lot of use of password policies to get idle users to change their passwords and so on. Now we're looking for a way, user by user to set a date
after which a user would not be able to bind even with valid dn / pass. This ideally would not expire the current password, rather put the account on
hold so that manual intervention would be required to re-enable it. I've looked through object classes and policy Subschemas but don't see any way of doing this.
Has anyone come across a need to do this? If so I'd appreciate your thoughts. Thank you. Carlo Accorsi
Re: Anyway to predetermine date/time a user is expired?
Posted by Kiran Ayyagari <ka...@apache.org>.
I think so, am not aware of any standard way to achieve this in the
way you wanted
On Wed, May 2, 2012 at 8:36 PM, <Ca...@ibs-ag.com> wrote:
> OK that's great and it solves my first order problem. Although if I need it to happen on a specific date and time where would one store the date?
> Are we going down the road of a custom schema and creating some sort of supporting interceptor or trigger?
> Thanks.
>
> -----Original Message-----
> From: ayyagarikiran@gmail.com [mailto:ayyagarikiran@gmail.com] On Behalf Of Kiran Ayyagari
> Sent: Wednesday, May 02, 2012 10:25 AM
> To: users@directory.apache.org
> Subject: Re: Anyway to predetermine date/time a user is expired?
>
> set the value of pwdAccountLockedTime attribute to 000001010000Z This will lock the user permanently till an administrator removes this attribute.
>
> On Wed, May 2, 2012 at 7:51 PM, <Ca...@ibs-ag.com> wrote:
>> Hi, We've made a lot of use of password policies to get idle users to
>> change their passwords and so on. Now we're looking for a way, user by
>> user to set a date after which a user would not be able to bind even with valid dn / pass. This ideally would not expire the current password, rather put the account on hold so that manual intervention would be required to re-enable it. I've looked through object classes and policy Subschemas but don't see any way of doing this.
>> Has anyone come across a need to do this? If so I'd appreciate your
>> thoughts. Thank you. Carlo Accorsi
>>
>>
>
>
>
> --
> Kiran Ayyagari
--
Kiran Ayyagari
RE: Anyway to predetermine date/time a user is expired?
Posted by Ca...@ibs-ag.com.
OK that's great and it solves my first order problem. Although if I need it to happen on a specific date and time where would one store the date?
Are we going down the road of a custom schema and creating some sort of supporting interceptor or trigger?
Thanks.
-----Original Message-----
From: ayyagarikiran@gmail.com [mailto:ayyagarikiran@gmail.com] On Behalf Of Kiran Ayyagari
Sent: Wednesday, May 02, 2012 10:25 AM
To: users@directory.apache.org
Subject: Re: Anyway to predetermine date/time a user is expired?
set the value of pwdAccountLockedTime attribute to 000001010000Z This will lock the user permanently till an administrator removes this attribute.
On Wed, May 2, 2012 at 7:51 PM, <Ca...@ibs-ag.com> wrote:
> Hi, We've made a lot of use of password policies to get idle users to
> change their passwords and so on. Now we're looking for a way, user by
> user to set a date after which a user would not be able to bind even with valid dn / pass. This ideally would not expire the current password, rather put the account on hold so that manual intervention would be required to re-enable it. I've looked through object classes and policy Subschemas but don't see any way of doing this.
> Has anyone come across a need to do this? If so I'd appreciate your
> thoughts. Thank you. Carlo Accorsi
>
>
--
Kiran Ayyagari
Re: Anyway to predetermine date/time a user is expired?
Posted by Kiran Ayyagari <ka...@apache.org>.
set the value of pwdAccountLockedTime attribute to 000001010000Z
This will lock the user permanently till an administrator removes this
attribute.
On Wed, May 2, 2012 at 7:51 PM, <Ca...@ibs-ag.com> wrote:
> Hi, We've made a lot of use of password policies to get idle users to change their passwords and so on. Now we're looking for a way, user by user to set a date
> after which a user would not be able to bind even with valid dn / pass. This ideally would not expire the current password, rather put the account on
> hold so that manual intervention would be required to re-enable it. I've looked through object classes and policy Subschemas but don't see any way of doing this.
> Has anyone come across a need to do this? If so I'd appreciate your thoughts. Thank you. Carlo Accorsi
>
>
--
Kiran Ayyagari