On 2019. 04. 01. 18:07, Michael Ströder wrote:
On 4/1/19 5:32 PM, Mikael Bak wrote:
> 1) I want to be able to disable users. I can do this by setting:
> pwdAccountLockedTime: 000001010000Z
I'd recommend to use another attribute and define a ACL on
attrs=userPassword for that.
Yes, I can do that, but I did not find any obvious choise of attribute
for this in the included schemas. What attribute do you recommend for this?
> 2) I want to be able to set a date in the future when a user
> will expire / deactivate.
> I was hoping to be able to set "pwdAccountLockedTime" to a date in the
> future and after that date the user account would be locked.
> Reading the source code for ppolicy I find an interesting block in the
> function "account_locked()" at line 356:
> /* Still in the future? not yet in effect */
> if (now < then)
> return 0;
> This leads me to believe that the author's intension may have been to
> allow what I want to do.
Note that semantics for 'pwdAccountLockedTime' are defined herein:
It does not mean what you want to achieve.
Thanks for the link to the ppolicy draft.
As I said, I realize ppolicy is probably not the best choise for what I
want to do. Unfortunately I did not find any other overlay module that
does what I would like to do. Are there any?
I'm very curious to know what others do in this situation.
For Æ-DIR I defined custom meta attributes aeStatus, aeExpiryStatus,
Thanks for the info.
How do handle the expiry in Æ-DIR? I have not found a way to construct
an ACL that can have "today" or "now" as a search parameter.
I'm quite new to LDAP, so a little help is greatly appreciated.