Hi Syncope
we are evaluating Syncope to provision certain accounts to an OpenLDAP &
AD directory service.
We managed to provision an account to OpenLDAP and populate a certain
LDAP-attribute with the value of a privilege. The privileges are linked
to a role and the user is assigned to that role.
This is all working fine, however we would like to add a start & end
time constraint to such a role assignment. Well in fact we want the
(privilege)attribute in OpenLDAP to be present for a certain amount of
time (can be different for each user) and then be removed. How can we
add this time constraint to Syncope (via a group or role or custom
policy, etc)
We would like to achieve the same this for membership of Active
Directory groups. We would like to make accounts temporarily a member of
an AD group.
Thank you for the feedback & advice!
Philip
