I also see that setting pwdLockout to TRUE and pwdLockoutDuration to 0 disables logins until enabled by an administrator. This works for my needs. However, I don't see how to enable pwdLockout when some time lapses or on a specific date. Hence, I would probably need a cron job to disable accounts. Please share your insights!
On Thu, Mar 5, 2015 at 11:35 AM, Igor Shmukler igor.shmukler@gmail.com wrote:
Hello,
I am trying to implement a trial [period] for new customers, using the OpenLDAP password policy overlay.
I was thinking about setting a combination of pwdMaxAge, pwdMustChange and pwdAllowUserChange.
Basically, the best idea I have had is to set MaxAge to the length of the trial [in seconds], then if a user changes the password while in trial mode, calculate MaxAge as (trial_length - time_passed), then at the end setting MustChange to true and AllowUserChange to false [until the trial has been converted].
Is that a sane policy? Should I be doing something totally different? Please advise.
Sincerely,
Igor Shmukler
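
The selection logic of the cron job mentioned at the top of this thread, as an added example that is not part of the original messages. It locks accounts by setting pwdAccountLockedTime to 000001010000Z (the ppolicy value for a lock only an administrator can clear) rather than by changing pwdLockout; the 30-day trial length, the `converted` flag and the sample entries are assumptions.

```python
from datetime import datetime, timedelta, timezone

# ppolicy value meaning "locked until an administrator removes the attribute".
PERMANENT_LOCK = "000001010000Z"
TRIAL_LENGTH = timedelta(days=30)  # assumption: the thread gives no trial length


def parse_generalized_time(value):
    """Parse the UTC generalizedTime form used by createTimestamp."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def expired_trials(entries, now, trial_length=TRIAL_LENGTH):
    """Return DNs whose trial is over, skipping converted or already locked accounts."""
    expired = []
    for entry in entries:
        if entry.get("converted") or entry.get("pwdAccountLockedTime"):
            continue
        started = parse_generalized_time(entry["createTimestamp"])
        if started + trial_length <= now:
            expired.append(entry["dn"])
    return expired


def lock_ldif(dns):
    """Build LDIF that an administrator identity can feed to ldapmodify."""
    records = []
    for dn in dns:
        records.append(
            f"dn: {dn}\n"
            "changetype: modify\n"
            "replace: pwdAccountLockedTime\n"
            f"pwdAccountLockedTime: {PERMANENT_LOCK}\n"
        )
    return "\n".join(records)


# Constructed sample entries, shaped like parsed ldapsearch output.
SAMPLE = [
    {"dn": "uid=alice,ou=people,dc=example,dc=com", "createTimestamp": "20150305113500Z"},
    {"dn": "uid=bob,ou=people,dc=example,dc=com", "createTimestamp": "20150401000000Z"},
    {"dn": "uid=carol,ou=people,dc=example,dc=com", "createTimestamp": "20150101000000Z",
     "converted": True},  # hypothetical flag for a paying customer
    {"dn": "uid=dave,ou=people,dc=example,dc=com", "createTimestamp": "20150101000000Z",
     "pwdAccountLockedTime": PERMANENT_LOCK},
]

if __name__ == "__main__":
    now = datetime(2015, 4, 10, tzinfo=timezone.utc)
    print(lock_ldif(expired_trials(SAMPLE, now)))
```

Converting a trial then means deleting pwdAccountLockedTime from the entry with an administrator identity.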