It is possible to set up a cron job to do this for you. However, it is good practice for companies to do this process manually instead of relying on a script that will run at some point on it's own. Either way, someone will have to do something to initiate the process.

What I suggest is to keep doing this manually as you have been, but script the process so all that the Systems Administrator needs to do is type the IPA 'admin' password or another administrator's password during the process of disabling the username that is no longer used.

The only thing you should need to place in your script for disabling the user is:

kinit admin
ipa user-disable username

On 06/12/2017 08:08 AM, Per Qvindesland via FreeIPA-users wrote:
Hi All

Is it possible to a schedule for when a user account is disabled/deleted? the 
reason why I am asking is that we would like to be able to set an account to be 
disabled or deleted when the user leaves the company, for the moment it can 
take time until a sys admin disables or deletes the account which is not 


FreeIPA-users mailing list --
To unsubscribe send an email to

FreeIPA-users mailing list --
To unsubscribe send an email to

Reply via email to