On 10/2/23 4:13 AM, Cenk Y. wrote:
Hi Mark, thanks for the response.
We already use password lockout plugin, but what I need is the opposite.
I want to
* Create an account, activate it* Set an expiration date, so that after that date account is locked.
Yeah there is no way to "lock" an account that way. You can set
the password to expire, but its not the same thing and a password
reset will bump that expiration time anyway.
Please file an RFE for this feature, but it could take some time until it's implemented.
https://github.com/389ds/389-ds-base/issues/new
Thanks,
Mark
CheersCenk
On Fri, Sep 29, 2023 at 9:50 PM Mark Reynolds <mareynol@xxxxxxxxxx> wrote:
Actually, I was wrong there is more you need to do.
You need to enable account lockout and set a max failure count:
# dsconf slapd-INSTANCE config set passwordLockout=on passwordMaxFailure=3
Then set in each user entry:
passwordRetryCount: 3 --> number equal to passwordMaxFailure
retryCountResetTime: 20230929193912Z --> you must calculate this
value (and use it for these two attributes)
accountUnlockTime: 20230929193912Z
That works for me.
HTH,
Mark
On 9/29/23 11:40 AM, Cenk Y. wrote:
> Hello,
>
> We are running 389-ds-base.2.2.7 .
>
> While creating accounts, sometimes we know until when they need to be
> active. Is there a way to manually set a "expiration date" for the
> account, so after that date nsAccount is set to true?
>
> Having gone through rhds and 389-ds pages, it seems it's only possible
> to create a policy to deactivate accounts after an inactivity limit.
>
> I can always create a mechanism myself (such as adding a new attribute
> and checking it by a cron job ...) , but I want to see if there is a
> native way to do this?
>
> Thanks
> Cenk
>
> _______________________________________________
> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
> Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
--
Directory Server Development Team
-- Directory Server Development Team
_______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
