set the value of pwdAccountLockedTime attribute to 000001010000Z This will lock the user permanently till an administrator removes this attribute.
On Wed, May 2, 2012 at 7:51 PM, <[email protected]> wrote: > Hi, We've made a lot of use of password policies to get idle users to change > their passwords and so on. Now we're looking for a way, user by user to set a > date > after which a user would not be able to bind even with valid dn / pass. This > ideally would not expire the current password, rather put the account on > hold so that manual intervention would be required to re-enable it. I've > looked through object classes and policy Subschemas but don't see any way of > doing this. > Has anyone come across a need to do this? If so I'd appreciate your thoughts. > Thank you. Carlo Accorsi > > -- Kiran Ayyagari
