On 10/10/23 14:46, Volodymyr Lisnyi wrote:
> Ok, I can add it to the user entries, but what I see is that new users also don't have this attribute. So what is the procedure (I also cannot find this in the manual) to enable it by default, because I cannot add it to the new users manually on a regular basis?
What are you trying to achieve? The attribute might be automatically added if you have defined the pwdMaxAge in your policy.
> Also, from the docs it is not clear if both pwdStartTime and pwdEndTime are needed or if I can use only the last one, pwdEndTime.
In my opinion the man page (slapo_ppolicy(5)) is quite clear about this:
tl;dr: pwdStartTime defines when the password becomes valid and pwdEndTime defines when the password becomes invalid for a user.
pwdStartTime: This attribute specifies the time the entry's password becomes valid for authentication. Authentication attempts made before this time will fail. If this attribute does not exist, then no restriction applies.
pwdEndTime: This attribute specifies the time the entry's password becomes invalid for authentication. Authentication attempts made after this time will fail, regardless of expiration or grace settings. If this attribute does not exist, then this restriction does not apply.
In case pwdStartTime is greater than pwdEndTime: Note that pwdStartTime may be set to a time greater than or equal to pwdEndTime; this simply disables the account.
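
The validity window described in the slapo_ppolicy(5) text quoted above can be audited offline, as in this added example, which is not part of the original message and is not OpenLDAP code. The function names, the entry dictionaries and the sample DNs are constructed for illustration; the boundary handling follows the man page wording literally, and only the UTC "Z" form of GeneralizedTime is parsed.

```python
from datetime import datetime, timezone


def parse_gt(value):
    """Parse an LDAP GeneralizedTime in UTC 'Z' form, e.g. 20231010144600Z."""
    if not value.endswith("Z"):
        raise ValueError("only the UTC 'Z' form is handled here: %r" % value)
    body = value[:-1].split(".")[0]  # drop optional fractional seconds
    return datetime.strptime(body, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def window_state(entry, now):
    """Classify one entry against its pwdStartTime / pwdEndTime window."""
    start = entry.get("pwdStartTime")
    end = entry.get("pwdEndTime")
    start = parse_gt(start) if start else None
    end = parse_gt(end) if end else None
    # Man page: pwdStartTime >= pwdEndTime simply disables the account.
    if start and end and start >= end:
        return "disabled"
    # Man page: attempts made before pwdStartTime fail.
    if start and now < start:
        return "not-yet-valid"
    # Man page: attempts made after pwdEndTime fail, regardless of grace.
    if end and now > end:
        return "ended"
    # A missing attribute means that restriction does not apply.
    return "valid"


def audit(entries, now):
    """Return {dn: state} for a list of entry dicts."""
    return {e["dn"]: window_state(e, now) for e in entries}


# Constructed sample entries (not taken from any real directory).
SAMPLE = [
    {"dn": "uid=alice,ou=people,dc=example,dc=com"},
    {"dn": "uid=bob,ou=people,dc=example,dc=com", "pwdEndTime": "20231231235959Z"},
    {"dn": "uid=carol,ou=people,dc=example,dc=com", "pwdStartTime": "20240101000000Z"},
    {"dn": "uid=dave,ou=people,dc=example,dc=com", "pwdEndTime": "20230930000000.5Z"},
    {"dn": "uid=erin,ou=people,dc=example,dc=com",
     "pwdStartTime": "20240101000000Z", "pwdEndTime": "20230101000000Z"},
]

if __name__ == "__main__":
    now = datetime(2023, 10, 10, 14, 46, tzinfo=timezone.utc)
    for dn, state in audit(SAMPLE, now).items():
        print(state.ljust(14), dn)
```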