On 01/28/2013 12:14 PM, James James wrote:
> Hi, in 389-ds there is a nice plugin I love,  it's account policy. You can set
> account expiration date and the account will be inactive at this day.
> http://directory.fedoraproject.org/wiki/Account_Policy_Design#Detailed_Design_of_Account_Expiration
> Is there a way to have this feature with freeipa ?
> Regards.
> James

Hello James,

FreeIPA user plugin does not support this feature, you would need to hack it in
the plugin yourselves (patches welcome :-).

Generally, you should be able to set account expiration to
krbPrincipalExpiration attribute of the user account and it should just work.
You can also check few tickets we have already few tickets filed for better
handling of this attribute:

[RFE] Allow admins to change expiration attribute for the accounts

KrbPrincipalExpiration should be checked in pre-bind op

[RFE] Expose the krbPrincipalExpiration attribute for editing in the IPA CLI /

Anyway, if you want a support for this particular plugin, you can file an RFE
to Trac/Bugzilla  which we will further process.


Freeipa-users mailing list

Reply via email to