Igor Shmukler wrote:
On Thursday, March 5, 2015, Dieter Klünter dieter@dkluenter.de wrote:
I would create and set a password according to RFC-3062, a little Perl script could do this and mail the password to the trial user. I would not allow a user to modify her pasword in a trial period.
Thank you for the suggestion. This certainly is one way to go. Your approach is simple. That's always good. I just need to think whether disallowing password change for trial users is acceptable.
Being a trial user one of the first things I'd test is how I can change my own password.
Generally the password policy is a bad place to limit the life/usage time of an account.
I'd recommend to define separate attributes for status and end-of-trial-time and implement a CRON job which disables the account after the a trial user is reached.
If the trial accounts are removed in any case then slapo-dds and auxiliary object class 'dynamicObject' could be an option. Note that a dynamic entry cannot be modified to a static entry by removing this object class. You'd have to delete and re-add the entry.
Ciao, Michael.