Le 14/03/2017 à 15:57, Pittman, Michael a écrit : > Hi Emmanuel,
Hi Michael, > > Thanks for the response this helps a lot! This is almost what I need, but not > quite all of it. > > I have a custom attribute called 'status' on my custom user object. This > 'status' attribute can be either 'ACTIVE' or 'INACTIVE'. Is there a way that > I can create some sort of interceptor that will trigger when the account is > locked due to inactivity from pwdMaxIdle? It's possible. You will need to add an interceptor *before* the authentication interceptor to do that. As teh chain of interceptor is configurable, that is an option. > > I want this interceptor to trigger and set the 'status' attribute to > 'INACTIVE'. Again, that possible, you 'just' have to write the intercpeot and to modify teh configuration to inject it at the right place. > > Also, once an account is locked, how do I unlock it? Do I simply remove the > pwdLastSuccessTime attribute? Or just have an admin user change the password? You need an admin user to change it. -- Emmanuel Lecharny Symas.com directory.apache.org
