directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <>
Subject Re: [ApacheDS] Disable account after period of inactivity
Date Tue, 14 Mar 2017 17:22:58 GMT

Le 14/03/2017 à 15:57, Pittman, Michael a écrit :
> Hi Emmanuel,

Hi Michael,
> Thanks for the response this helps a lot! This is almost what I need, but not quite all
of it.
> I have a custom attribute called 'status' on my custom user object. This 'status' attribute
can be either 'ACTIVE' or 'INACTIVE'. Is there a way that I can create some sort of interceptor
that will trigger when the account is locked due to inactivity from pwdMaxIdle?
It's possible. You will need to add an interceptor *before* the
authentication interceptor to do that. As teh chain of interceptor is
configurable, that is an option.

> I want this interceptor to trigger and set the 'status' attribute to 'INACTIVE'.
Again, that possible, you 'just' have to write the intercpeot and to
modify teh configuration to inject it at the right place.
> Also, once an account is locked, how do I unlock it? Do I simply remove the pwdLastSuccessTime
attribute? Or just have an admin user change the password?
You need an admin user to change it.


Emmanuel Lecharny

View raw message