On Thu, 5 Mar 2015 11:35:23 +0200, Igor Shmukler <[email protected]> wrote:
> Hello,
>
> I am trying to implement a trial [period] for new customers, using the
> OpenLDAP password policy overlay.
>
> I was thinking about setting a combination of pwdMaxAge, pwdMustChange
> and pwdAllowUserChange.
>
> Basically, the best idea I have had is to set MaxAge to the length of
> trial [in seconds] then if a user changes the password while in trial
> mode, calculate MaxAge as (trial_length - time_passed), then at the
> end setting MustChange to true and AllowUserChange to false [until the
> trial has been converted].
>
> Is that a sane policy? Should I be doing something totally different?
> Please advise.

I would create and set a password according to RFC-3062, a little Perl
script could do this and mail the password to the trial user.
I would not allow a user to modify her password in a trial period.
Policy would be
pwdAllowuserChange: false
pwdMustChange: false
pwdSafeModify: false
pwdMaxAge: according to your requirements.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E
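The setup described in the reply above, as an added example that is not part of the original message: a shell script that emits the trial `pwdPolicy` entry for a given trial length, attaches it to a user through `pwdPolicySubentry`, and sets a generated password with `ldappasswd` (the RFC 3062 Password Modify operation). The suffix `dc=example,dc=com`, the policy and admin DNs, the admin password file and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. All DNs and paths below are assumed.
BASE_DN="dc=example,dc=com"
POLICY_DN="cn=trial,ou=policies,$BASE_DN"   # ou=policies must already exist
ADMIN_DN="cn=admin,$BASE_DN"
ADMIN_PW_FILE="/etc/ldap/admin.secret"

# Print the trial pwdPolicy entry for a trial of $1 days.
# pwdMaxAge is in seconds; RFC 4517 Boolean values are written TRUE/FALSE.
trial_policy_ldif() {
    case "$1" in
        ''|*[!0-9]*|0*) echo "trial length must be a positive integer (days)" >&2
                        return 1 ;;
    esac
    cat <<EOF
dn: $POLICY_DN
objectClass: organizationalRole
objectClass: pwdPolicy
cn: trial
pwdAttribute: userPassword
pwdAllowUserChange: FALSE
pwdMustChange: FALSE
pwdSafeModify: FALSE
pwdMaxAge: $(( $1 * 86400 ))
EOF
}

# 128 bits from the kernel CSPRNG as 32 hex characters.
gen_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Attach the trial policy to user DN $1 and set a generated password.
# Prints the password on success so the caller can mail it to the user.
provision_trial_user() {
    user_dn=$1
    pwfile=$(mktemp) || return 1            # mode 0600, keeps the secret off argv
    gen_password > "$pwfile"
    ldapmodify -x -D "$ADMIN_DN" -y "$ADMIN_PW_FILE" <<EOF &&
dn: $user_dn
changetype: modify
replace: pwdPolicySubentry
pwdPolicySubentry: $POLICY_DN
EOF
    ldappasswd -x -D "$ADMIN_DN" -y "$ADMIN_PW_FILE" -T "$pwfile" "$user_dn" &&
    cat "$pwfile"
    rc=$?
    rm -f "$pwfile"
    return $rc
}
# One-time policy install: trial_policy_ldif 30 | ldapadd -x -D "$ADMIN_DN" -y "$ADMIN_PW_FILE"
```

The overlay measures `pwdMaxAge` from `pwdChangedTime`, so the trial clock starts when `provision_trial_user` sets the password.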
