[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: "triggers" in slapd

Howard Chu wrote:
Michal Ludvig wrote:
Howard Chu wrote:
Michal Ludvig wrote:

More specifically I need to update shadowExpire in posixAccount object
whenever either shadowLastChanged or userPassword attributes are
updated. Is that achievable in some elegant way?
There is no reason to update shadowExpire, since it is merely a count of
number of days, not a specific date.

Not really. It basically *is* a date, just encoded as number of days since 01-01-1970. Obviously if shadowExpire==13411 I want to prevent that user from logging in after "Wed Sep 20 23:59:59 2006", i.e. tomorrow. But if he changes the password today he should have his shadowExpire updated to say today+2months.

You really need to re-read the documentation for shadow accounts. You're free to continue to disagree, but it only makes you look like a fool.

More specifically, if you want the account to be disabled X days after the password is changed, you just need to set shadowMax to X, that's what it's for. There's no reason to modify the shadowExpire date at all. Why create more work for yourself than necessary?

  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/