Thanks Rob. I have one more question. Is it possible to add a field in the ui, and get the field's value in a custom add user hook script ?
James 2013/2/7 Rob Crittenden <rcrit...@redhat.com> > James James wrote: > >> Can somebody gives me some help to set krbPrincipalExpiration from the >> freeipa ui ? >> > > You can't set this in the web UI. > > You can do it from the command line using ldapmodify with: > > $ ldapmodify -x -D 'cn=Directory Manager' -W > Enter LDAP Password: > dn: uid=tuser1,cn=users,cn=**accounts,dc=example,dc=com > changetype: modify > replace: krbPasswordExpiration > krbPasswordExpiration: 20200508032114Z > > ^D > > rob > >> >> Many thanks >> >> >> 2013/1/28 James James <jre...@gmail.com <mailto:jre...@gmail.com>> >> >> >> Hi Martin, >> thanks a lot for your answer. The krbPrincipalExpiration should do >> the job. >> >> Regards. >> >> >> 2013/1/28 Martin Kosek <mko...@redhat.com <mailto:mko...@redhat.com>> >> >> >> On 01/28/2013 12:14 PM, James James wrote: >> > Hi, in 389-ds there is a nice plugin I love, it's account >> policy. You can set >> > account expiration date and the account will be inactive at >> this day. >> > >> > >> http://directory.**fedoraproject.org/wiki/** >> Account_Policy_Design#**Detailed_Design_of_Account_**Expiration<http://directory.fedoraproject.org/wiki/Account_Policy_Design#Detailed_Design_of_Account_Expiration> >> > >> > Is there a way to have this feature with freeipa ? >> > >> > Regards. >> > >> > >> > James >> > >> >> Hello James, >> >> FreeIPA user plugin does not support this feature, you would >> need to hack it in >> the plugin yourselves (patches welcome :-). >> >> Generally, you should be able to set account expiration to >> krbPrincipalExpiration attribute of the user account and it >> should just work. >> You can also check few tickets we have already few tickets filed >> for better >> handling of this attribute: >> >> >> https://fedorahosted.org/**freeipa/ticket/3062<https://fedorahosted.org/freeipa/ticket/3062> >> [RFE] Allow admins to change expiration attribute for the accounts >> >> >> https://fedorahosted.org/**freeipa/ticket/3305<https://fedorahosted.org/freeipa/ticket/3305> >> KrbPrincipalExpiration should be checked in pre-bind op >> >> >> https://fedorahosted.org/**freeipa/ticket/3306<https://fedorahosted.org/freeipa/ticket/3306> >> [RFE] Expose the krbPrincipalExpiration attribute for editing in >> the IPA CLI / >> WEBUI >> >> >> Anyway, if you want a support for this particular plugin, you >> can file an RFE >> to Trac/Bugzilla which we will further process. >> >> HTH, >> Martin >> >> >> >> >> >> ______________________________**_________________ >> Freeipa-users mailing list >> Freeipa-users@redhat.com >> https://www.redhat.com/**mailman/listinfo/freeipa-users<https://www.redhat.com/mailman/listinfo/freeipa-users> >> >> >
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users