Igor Shmukler wrote: > On Thursday, March 5, 2015, Dieter Klünter <dieter@dkluenter.de> wrote: >> I would create and set a password according to RFC-3062, a little Perl >> script could do this and mail the password to the trial user. I would >> not allow a user to modify her pasword in a trial period. > > Thank you for the suggestion. This certainly is one way to go. Your > approach is simple. That's always good. I just need to think whether > disallowing password change for trial users is acceptable. Being a trial user one of the first things I'd test is how I can change my own password. Generally the password policy is a bad place to limit the life/usage time of an account. I'd recommend to define separate attributes for status and end-of-trial-time and implement a CRON job which disables the account after the a trial user is reached. If the trial accounts are removed in any case then slapo-dds and auxiliary object class 'dynamicObject' could be an option. Note that a dynamic entry cannot be modified to a static entry by removing this object class. You'd have to delete and re-add the entry. Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature