Dieter Kluenter wrote: > "Aharon Verno" <[EMAIL PROTECTED]> writes: > >> I was wondering if there was a way to automatically disable an account that >> hasn’t been logged into for a period of time? We use OpenLDAP to give >> entitlements for our email system and we would love a way to automatically >> shutdown accounts that haven’t been authenticated to in X days. Thanks for >> any >> help with this. > > Depending on the number of entries in question and the time to live of > this objects you may want to have a look at slapo-dds(5). > You could probably create a dynamic object as soon as a user logs in, > and allow a given ttl or some similar strategy,
This would __delete__ the account; furthermore, you'd need to setup something to "touch" the TTL any time the account is used. I think something dedicated should rather been implemented, which logs the time of a login and, periodically, checks if any account needs to be disabled (e.g. inhibit logging, not remove the entry). It shouldn't be too difficult. p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: [EMAIL PROTECTED] ---------------------------------------
