[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: sane ppolicy choices

I also see that setting pwdLockout to TRUE and pwdLockoutDuration to 0
disables logins until enabled by an administrator. This works for my
needs. However, I don't see how to enable pwdLockout when some time
lapses or on specific date. Hence, I would probably need a cron job to
disable accounts.
Please share your insights!

On Thu, Mar 5, 2015 at 11:35 AM, Igor Shmukler <igor.shmukler@gmail.com> wrote:
> Hello,
> I am trying to implement a trial [period] for new customers, using the
> OpenLDAP password policy overlay.
> I was thinking about setting a combination of pwdMaxAge, pwdMustChange
> and pwdAllowUserChange.
> Basically, the best idea I have had is to set MaxAge to the length of
> trial [in seconds] then in a user changes the password while in trial
> mode, calculate MaxAge as (trial_length - time_passed), then at the
> end setting MustChange to true and AllowUserChange to false [until the
> trial has been converted].
> Is that a sane policy? Should I be doing something totally different?
> Please advise.
> Sincerely,
> Igor Shmukler