[Freeipa-users] Account Expiration
Rob Crittenden
rcritten at redhat.com
Thu Feb 7 03:24:28 UTC 2013
James James wrote:
> Can somebody gives me some help to set krbPrincipalExpiration from the
> freeipa ui ?
You can't set this in the web UI.
You can do it from the command line using ldapmodify with:
$ ldapmodify -x -D 'cn=Directory Manager' -W
Enter LDAP Password:
dn: uid=tuser1,cn=users,cn=accounts,dc=example,dc=com
changetype: modify
replace: krbPasswordExpiration
krbPasswordExpiration: 20200508032114Z
^D
rob
>
> Many thanks
>
>
> 2013/1/28 James James <jreg2k at gmail.com <mailto:jreg2k at gmail.com>>
>
> Hi Martin,
> thanks a lot for your answer. The krbPrincipalExpiration should do
> the job.
>
> Regards.
>
>
> 2013/1/28 Martin Kosek <mkosek at redhat.com <mailto:mkosek at redhat.com>>
>
> On 01/28/2013 12:14 PM, James James wrote:
> > Hi, in 389-ds there is a nice plugin I love, it's account
> policy. You can set
> > account expiration date and the account will be inactive at
> this day.
> >
> >
> http://directory.fedoraproject.org/wiki/Account_Policy_Design#Detailed_Design_of_Account_Expiration
> >
> > Is there a way to have this feature with freeipa ?
> >
> > Regards.
> >
> >
> > James
> >
>
> Hello James,
>
> FreeIPA user plugin does not support this feature, you would
> need to hack it in
> the plugin yourselves (patches welcome :-).
>
> Generally, you should be able to set account expiration to
> krbPrincipalExpiration attribute of the user account and it
> should just work.
> You can also check few tickets we have already few tickets filed
> for better
> handling of this attribute:
>
> https://fedorahosted.org/freeipa/ticket/3062
> [RFE] Allow admins to change expiration attribute for the accounts
>
> https://fedorahosted.org/freeipa/ticket/3305
> KrbPrincipalExpiration should be checked in pre-bind op
>
> https://fedorahosted.org/freeipa/ticket/3306
> [RFE] Expose the krbPrincipalExpiration attribute for editing in
> the IPA CLI /
> WEBUI
>
>
> Anyway, if you want a support for this particular plugin, you
> can file an RFE
> to Trac/Bugzilla which we will further process.
>
> HTH,
> Martin
>
>
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
More information about the Freeipa-users
mailing list