I also see that setting pwdLockout to TRUE and pwdLockoutDuration to 0 disables logins until enabled by an administrator. This works for my needs. However, I don't see how to enable pwdLockout when some time lapses or on a specific date. Hence, I would probably need a cron job to disable accounts. Please share your insights!

On Thu, Mar 5, 2015 at 11:35 AM, Igor Shmukler <[email protected]> wrote:
> Hello,
>
> I am trying to implement a trial [period] for new customers, using the
> OpenLDAP password policy overlay.
>
> I was thinking about setting a combination of pwdMaxAge, pwdMustChange
> and pwdAllowUserChange.
>
> Basically, the best idea I have had is to set MaxAge to the length of
> trial [in seconds] then if a user changes the password while in trial
> mode, calculate MaxAge as (trial_length - time_passed), then at the
> end setting MustChange to true and AllowUserChange to false [until the
> trial has been converted].
>
> Is that a sane policy? Should I be doing something totally different?
> Please advise.
>
> Sincerely,
>
> Igor Shmukler
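
A sketch of the cron-job approach mentioned above, as an added example that is not part of the original thread: it computes (trial_length - time_passed) per account and emits LDIF that locks expired trials. Assumptions: the trial starts at the entry's createTimestamp, the trial lasts 30 days, the DNs and the "converted" flag are constructed sample data, and the lock is applied by setting the ppolicy attribute pwdAccountLockedTime to 000001010000Z (locked until an administrator removes it).

```python
from datetime import datetime, timedelta, timezone

TRIAL_LENGTH = timedelta(days=30)   # assumed trial length
PERMANENT_LOCK = "000001010000Z"    # ppolicy: locked until an admin unlocks


def parse_generalized_time(value):
    """Parse an LDAP GeneralizedTime given in UTC, e.g. 20150220000000Z."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def remaining_trial_seconds(create_ts, now):
    """Return trial_length - time_passed in seconds, clamped at zero."""
    left = TRIAL_LENGTH - (now - parse_generalized_time(create_ts))
    return max(0, int(left.total_seconds()))


def lock_ldif(entries, now):
    """Build LDIF that locks every unconverted entry whose trial is over.

    entries: iterable of (dn, createTimestamp, converted) tuples, as a
    directory search run by the cron job would return them.
    """
    records = []
    for dn, create_ts, converted in entries:
        if converted or remaining_trial_seconds(create_ts, now) > 0:
            continue  # paying customer, or trial still running
        records.append(
            f"dn: {dn}\n"
            "changetype: modify\n"
            "replace: pwdAccountLockedTime\n"
            f"pwdAccountLockedTime: {PERMANENT_LOCK}\n"
        )
    return "\n".join(records)


# Constructed sample data (hypothetical DNs), not taken from the thread.
SAMPLE = [
    ("uid=alice,ou=trial,dc=example,dc=com", "20150101000000Z", False),
    ("uid=bob,ou=trial,dc=example,dc=com", "20150220000000Z", False),
    ("uid=carol,ou=trial,dc=example,dc=com", "20150101000000Z", True),
]
NOW = datetime(2015, 3, 5, 12, 0, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    # The output is meant to be piped to ldapmodify under an admin identity.
    print(lock_ldif(SAMPLE, NOW))
```

Because the lock is derived from createTimestamp rather than pwdMaxAge, a password change during the trial does not move the cutoff.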
