On 01/28/2013 12:14 PM, James James wrote: > Hi, in 389-ds there is a nice plugin I love, it's account policy. You can set > account expiration date and the account will be inactive at this day. > > http://directory.fedoraproject.org/wiki/Account_Policy_Design#Detailed_Design_of_Account_Expiration > > Is there a way to have this feature with freeipa ? > > Regards. > > > James >
Hello James, FreeIPA user plugin does not support this feature, you would need to hack it in the plugin yourselves (patches welcome :-). Generally, you should be able to set account expiration to krbPrincipalExpiration attribute of the user account and it should just work. You can also check few tickets we have already few tickets filed for better handling of this attribute: https://fedorahosted.org/freeipa/ticket/3062 [RFE] Allow admins to change expiration attribute for the accounts https://fedorahosted.org/freeipa/ticket/3305 KrbPrincipalExpiration should be checked in pre-bind op https://fedorahosted.org/freeipa/ticket/3306 [RFE] Expose the krbPrincipalExpiration attribute for editing in the IPA CLI / WEBUI Anyway, if you want a support for this particular plugin, you can file an RFE to Trac/Bugzilla which we will further process. HTH, Martin _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users