<div dir="ltr"><div>Thanks Rob. I have one more question. Is it possible to add a field in the ui, and get the field's value in a custom add user hook script ?<br><br></div><div>James<br></div></div><div class="gmail_extra">
<br><br><div class="gmail_quote">2013/2/7 Rob Crittenden <span dir="ltr"><<a href="mailto:rcritten@redhat.com" target="_blank">rcritten@redhat.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">James James wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Can somebody gives me some help to set krbPrincipalExpiration from the<br>
freeipa ui ?<br>
</blockquote>
<br></div>
You can't set this in the web UI.<br>
<br>
You can do it from the command line using ldapmodify with:<br>
<br>
$ ldapmodify -x -D 'cn=Directory Manager' -W<br>
Enter LDAP Password:<br>
dn: uid=tuser1,cn=users,cn=<u></u>accounts,dc=example,dc=com<br>
changetype: modify<br>
replace: krbPasswordExpiration<br>
krbPasswordExpiration: 20200508032114Z<br>
<br>
^D<br>
<br>
rob<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Many thanks<br>
<br>
<br>
2013/1/28 James James <<a href="mailto:jreg2k@gmail.com" target="_blank">jreg2k@gmail.com</a> <mailto:<a href="mailto:jreg2k@gmail.com" target="_blank">jreg2k@gmail.com</a>>><div class="im"><br>
<br>
Hi Martin,<br>
thanks a lot for your answer. The krbPrincipalExpiration should do<br>
the job.<br>
<br>
Regards.<br>
<br>
<br></div>
2013/1/28 Martin Kosek <<a href="mailto:mkosek@redhat.com" target="_blank">mkosek@redhat.com</a> <mailto:<a href="mailto:mkosek@redhat.com" target="_blank">mkosek@redhat.com</a>>><div><div class="h5"><br>
<br>
On 01/28/2013 12:14 PM, James James wrote:<br>
> Hi, in 389-ds there is a nice plugin I love, it's account<br>
policy. You can set<br>
> account expiration date and the account will be inactive at<br>
this day.<br>
><br>
><br>
<a href="http://directory.fedoraproject.org/wiki/Account_Policy_Design#Detailed_Design_of_Account_Expiration" target="_blank">http://directory.<u></u>fedoraproject.org/wiki/<u></u>Account_Policy_Design#<u></u>Detailed_Design_of_Account_<u></u>Expiration</a><br>
><br>
> Is there a way to have this feature with freeipa ?<br>
><br>
> Regards.<br>
><br>
><br>
> James<br>
><br>
<br>
Hello James,<br>
<br>
FreeIPA user plugin does not support this feature, you would<br>
need to hack it in<br>
the plugin yourselves (patches welcome :-).<br>
<br>
Generally, you should be able to set account expiration to<br>
krbPrincipalExpiration attribute of the user account and it<br>
should just work.<br>
You can also check few tickets we have already few tickets filed<br>
for better<br>
handling of this attribute:<br>
<br>
<a href="https://fedorahosted.org/freeipa/ticket/3062" target="_blank">https://fedorahosted.org/<u></u>freeipa/ticket/3062</a><br>
[RFE] Allow admins to change expiration attribute for the accounts<br>
<br>
<a href="https://fedorahosted.org/freeipa/ticket/3305" target="_blank">https://fedorahosted.org/<u></u>freeipa/ticket/3305</a><br>
KrbPrincipalExpiration should be checked in pre-bind op<br>
<br>
<a href="https://fedorahosted.org/freeipa/ticket/3306" target="_blank">https://fedorahosted.org/<u></u>freeipa/ticket/3306</a><br>
[RFE] Expose the krbPrincipalExpiration attribute for editing in<br>
the IPA CLI /<br>
WEBUI<br>
<br>
<br>
Anyway, if you want a support for this particular plugin, you<br>
can file an RFE<br>
to Trac/Bugzilla which we will further process.<br>
<br>
HTH,<br>
Martin<br>
<br>
<br>
<br>
<br>
<br></div></div>
______________________________<u></u>_________________<br>
Freeipa-users mailing list<br>
<a href="mailto:Freeipa-users@redhat.com" target="_blank">Freeipa-users@redhat.com</a><br>
<a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/<u></u>mailman/listinfo/freeipa-users</a><br>
<br>
</blockquote>
<br>
</blockquote></div><br></div>