
Re: sane ppolicy choices



I also see that setting pwdLockout to TRUE and pwdLockoutDuration to 0
disables logins until enabled by an administrator. This works for my
needs. However, I don't see how to enable pwdLockout when some time
lapses or on a specific date. Hence, I would probably need a cron job to
disable accounts.
Please share your insights!

On Thu, Mar 5, 2015 at 11:35 AM, Igor Shmukler <igor.shmukler@gmail.com> wrote:
> Hello,
>
> I am trying to implement a trial [period] for new customers, using the
> OpenLDAP password policy overlay.
>
> I was thinking about setting a combination of pwdMaxAge, pwdMustChange
> and pwdAllowUserChange.
>
> Basically, the best idea I have had is to set MaxAge to the length of
> trial [in seconds] then if a user changes the password while in trial
> mode, calculate MaxAge as (trial_length - time_passed), then at the
> end setting MustChange to true and AllowUserChange to false [until the
> trial has been converted].
>
> Is that a sane policy? Should I be doing something totally different?
> Please advise.
>
> Sincerely,
>
> Igor Shmukler
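
Added example, not part of the original thread: a sketch of the cron job mentioned in the reply, which computes the remaining trial time as (trial_length - time_passed) from the quoted message and emits LDIF that locks expired accounts. It assumes the trial starts at the entry's createTimestamp, a 30-day trial, constructed example.com DNs in plain ASCII, and the ppolicy operational attribute pwdAccountLockedTime (not mentioned in the thread), whose value 000001010000Z marks an account as locked until an administrator unlocks it.

```python
from datetime import datetime, timedelta, timezone

TRIAL_LENGTH = timedelta(days=30)   # assumed trial length
# ppolicy value meaning "locked until an administrator unlocks the account"
PERMANENT_LOCK = "000001010000Z"


def parse_generalized_time(value):
    """Parse an LDAP GeneralizedTime in UTC form, e.g. 20150305113500Z."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def remaining_trial_seconds(create_timestamp, now):
    """Return trial_length - time_passed in seconds, floored at 0."""
    passed = now - parse_generalized_time(create_timestamp)
    return max(0, int((TRIAL_LENGTH - passed).total_seconds()))


def lock_ldif(entries, now):
    """Build LDIF modify records locking every entry whose trial has run out."""
    records = []
    for dn, created in entries:
        if remaining_trial_seconds(created, now) == 0:
            records.append(
                f"dn: {dn}\n"
                "changetype: modify\n"
                "replace: pwdAccountLockedTime\n"
                f"pwdAccountLockedTime: {PERMANENT_LOCK}\n"
            )
    return "\n".join(records)


# Constructed sample: (DN, createTimestamp) pairs as an LDAP search
# under a hypothetical ou=trial branch would return them.
SAMPLE = [
    ("uid=alice,ou=trial,dc=example,dc=com", "20150101000000Z"),
    ("uid=bob,ou=trial,dc=example,dc=com", "20150301000000Z"),
]

if __name__ == "__main__":
    # The printed LDIF is meant to be fed to ldapmodify by the cron job.
    print(lock_ldif(SAMPLE, datetime.now(timezone.utc)), end="")
```

Converting a trial means deleting pwdAccountLockedTime from the entry again, which needs the same administrative write access as the lock itself.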