OK that's great and it solves my first order problem. Although if I need it to happen on a specific date and time where would one store the date? Are we going down the road of a custom schema and creating some sort of supporting interceptor or trigger? Thanks.
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Kiran Ayyagari Sent: Wednesday, May 02, 2012 10:25 AM To: [email protected] Subject: Re: Anyway to predetermine date/time a user is expired? set the value of pwdAccountLockedTime attribute to 000001010000Z This will lock the user permanently till an administrator removes this attribute. On Wed, May 2, 2012 at 7:51 PM, <[email protected]> wrote: > Hi, We've made a lot of use of password policies to get idle users to > change their passwords and so on. Now we're looking for a way, user by > user to set a date after which a user would not be able to bind even with > valid dn / pass. This ideally would not expire the current password, rather > put the account on hold so that manual intervention would be required to > re-enable it. I've looked through object classes and policy Subschemas but > don't see any way of doing this. > Has anyone come across a need to do this? If so I'd appreciate your > thoughts. Thank you. Carlo Accorsi > > -- Kiran Ayyagari
