directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <elecha...@gmail.com>
Subject Re: [ApacheDS] Disable account after period of inactivity
Date Wed, 08 Mar 2017 04:18:49 GMT


Le 07/03/2017 à 21:29, Pittman, Michael a écrit :
> Hi,
>
> I'm looking for a way to disable a user account if the user has not logged in for a configurable
amount of days. Does ApacheDS currently support this?

You would like to set a default passwordPolcy, and set the
ads-pwdMaxIdle attribute. From
https://tools.ietf.org/html/draft-behera-ldap-password-policy-10#page-27 :

5.2.20.  pwdMaxIdle

   This attribute specifies the number of seconds an account may remain
   unused before it becomes locked.  If this attribute is not set or is
   0, no check is performed.

         ( 1.3.6.1.4.1.42.2.27.8.1.26
         NAME 'pwdMaxIdle'
         EQUALITY integerMatch
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
         SINGLE-VALUE )

Have a look at
http://directory.apache.org/apacheds/advanced-ug/4.3-password-policy.html

-- 
Emmanuel Lecharny

Symas.com
directory.apache.org


Mime
View raw message