James James wrote:
Can somebody gives me some help to set krbPrincipalExpiration from the
freeipa ui ?


You can't set this in the web UI.

You can do it from the command line using ldapmodify with:

$ ldapmodify -x -D 'cn=Directory Manager' -W
Enter LDAP Password:
dn: uid=tuser1,cn=users,cn=accounts,dc=example,dc=com
changetype: modify
replace: krbPasswordExpiration
krbPasswordExpiration: 20200508032114Z

^D

rob

Many thanks


2013/1/28 James James <jre...@gmail.com <mailto:jre...@gmail.com>>

    Hi Martin,
    thanks a lot for your answer. The krbPrincipalExpiration should do
    the job.

    Regards.


    2013/1/28 Martin Kosek <mko...@redhat.com <mailto:mko...@redhat.com>>

        On 01/28/2013 12:14 PM, James James wrote:
         > Hi, in 389-ds there is a nice plugin I love,  it's account
        policy. You can set
         > account expiration date and the account will be inactive at
        this day.
         >
         >
        
http://directory.fedoraproject.org/wiki/Account_Policy_Design#Detailed_Design_of_Account_Expiration
         >
         > Is there a way to have this feature with freeipa ?
         >
         > Regards.
         >
         >
         > James
         >

        Hello James,

        FreeIPA user plugin does not support this feature, you would
        need to hack it in
        the plugin yourselves (patches welcome :-).

        Generally, you should be able to set account expiration to
        krbPrincipalExpiration attribute of the user account and it
        should just work.
        You can also check few tickets we have already few tickets filed
        for better
        handling of this attribute:

        https://fedorahosted.org/freeipa/ticket/3062
        [RFE] Allow admins to change expiration attribute for the accounts

        https://fedorahosted.org/freeipa/ticket/3305
        KrbPrincipalExpiration should be checked in pre-bind op

        https://fedorahosted.org/freeipa/ticket/3306
        [RFE] Expose the krbPrincipalExpiration attribute for editing in
        the IPA CLI /
        WEBUI


        Anyway, if you want a support for this particular plugin, you
        can file an RFE
        to Trac/Bugzilla  which we will further process.

        HTH,
        Martin





_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to