
OpenLDAP user credentials lifetime issue



I need to implement directory users' credentials lifetime functionality on my OpenLDAP server (2.3.27). For each user, the lifetime can be set as "forever" or "number of days between 1 and 365". After the lifetime expires, the user must be terminated (the user entry is still present in the directory, but the user is not able to authenticate).


I have inspected the slapo-ppolicy(5) overlay functionality; it seems that:

"pwdMaxAge=<lifetime>" + "pwdGraceAuthnLimit=0"

would help, but then I need to set up a separate policy for each user with a different lifetime (not acceptable).


I would like to ask if slapd(8) offers features (in addition to slapo-ppolicy) to control the lifetime of directory users' credentials? Is there a convenient way to implement such a requirement?


Any suggestions are much appreciated!


Thanks in advance,