[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Howto time expires an Openldap account ?

LABICHE Alexandre wrote:
Hello Pierangelo,

Thanks for your quick reply and your perfect analyse.

To explain what I use in ppolicy is to lock an account at a specific time. Exactly the account is locked because user doesn't change his password after a graceful period. But if he changes his password before graceful period , his account is OK for a new period.

So if want to lock an account I must block the "change password" for users. That's what I think.

It's not really a expiredtime account and our internal policy wants users change their passwords.

This is what the ppolicy pwdMaxAge policy setting is for.

  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/