[Freeipa-users] Account Expiration
James James
jreg2k at gmail.com
Thu Feb 7 07:31:52 UTC 2013
Thanks Rob. I have one more question. Is it possible to add a field in the
ui, and get the field's value in a custom add user hook script ?
James
2013/2/7 Rob Crittenden <rcritten at redhat.com>
> James James wrote:
>
>> Can somebody gives me some help to set krbPrincipalExpiration from the
>> freeipa ui ?
>>
>
> You can't set this in the web UI.
>
> You can do it from the command line using ldapmodify with:
>
> $ ldapmodify -x -D 'cn=Directory Manager' -W
> Enter LDAP Password:
> dn: uid=tuser1,cn=users,cn=**accounts,dc=example,dc=com
> changetype: modify
> replace: krbPasswordExpiration
> krbPasswordExpiration: 20200508032114Z
>
> ^D
>
> rob
>
>>
>> Many thanks
>>
>>
>> 2013/1/28 James James <jreg2k at gmail.com <mailto:jreg2k at gmail.com>>
>>
>>
>> Hi Martin,
>> thanks a lot for your answer. The krbPrincipalExpiration should do
>> the job.
>>
>> Regards.
>>
>>
>> 2013/1/28 Martin Kosek <mkosek at redhat.com <mailto:mkosek at redhat.com>>
>>
>>
>> On 01/28/2013 12:14 PM, James James wrote:
>> > Hi, in 389-ds there is a nice plugin I love, it's account
>> policy. You can set
>> > account expiration date and the account will be inactive at
>> this day.
>> >
>> >
>> http://directory.**fedoraproject.org/wiki/**
>> Account_Policy_Design#**Detailed_Design_of_Account_**Expiration<http://directory.fedoraproject.org/wiki/Account_Policy_Design#Detailed_Design_of_Account_Expiration>
>> >
>> > Is there a way to have this feature with freeipa ?
>> >
>> > Regards.
>> >
>> >
>> > James
>> >
>>
>> Hello James,
>>
>> FreeIPA user plugin does not support this feature, you would
>> need to hack it in
>> the plugin yourselves (patches welcome :-).
>>
>> Generally, you should be able to set account expiration to
>> krbPrincipalExpiration attribute of the user account and it
>> should just work.
>> You can also check few tickets we have already few tickets filed
>> for better
>> handling of this attribute:
>>
>> https://fedorahosted.org/**freeipa/ticket/3062<https://fedorahosted.org/freeipa/ticket/3062>
>> [RFE] Allow admins to change expiration attribute for the accounts
>>
>> https://fedorahosted.org/**freeipa/ticket/3305<https://fedorahosted.org/freeipa/ticket/3305>
>> KrbPrincipalExpiration should be checked in pre-bind op
>>
>> https://fedorahosted.org/**freeipa/ticket/3306<https://fedorahosted.org/freeipa/ticket/3306>
>> [RFE] Expose the krbPrincipalExpiration attribute for editing in
>> the IPA CLI /
>> WEBUI
>>
>>
>> Anyway, if you want a support for this particular plugin, you
>> can file an RFE
>> to Trac/Bugzilla which we will further process.
>>
>> HTH,
>> Martin
>>
>>
>>
>>
>>
>> ______________________________**_________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/**mailman/listinfo/freeipa-users<https://www.redhat.com/mailman/listinfo/freeipa-users>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130207/63a4dd57/attachment.htm>
More information about the Freeipa-users
mailing list