[Freeipa-users] Account Expiration

Rob Crittenden rcritten at redhat.com
Tue Feb 12 18:40:08 UTC 2013 

James James wrote:
> Can you tell me how update my ipa's files once when ticket
> https://fedorahosted.org/freeipa/ticket/3306 will be fixed ?
>
> Should I have to do 'yum update ipa*'  ?

Once it gets fixed upstream and packaged into a release, yes, that is 
what you would do.

> Is it possible to ipa to send a email to user when his account is about
> to expire (the current date is near krbprincipalexpiration date) ?

Not currently. In 3.0+ we will provide a notice when one logs into the 
WebUI but that's it.

We can't be sure that an MTA is properly configured on the IPA server at 
install time so we have punted on this for a while. We don't want to get 
into the business of picking and configuring one. This is one of those 
things that seems really easy but gets complicated the deeper you dig 
into it. We're open to suggestions/patches.

regards

rob

>
>
> 2013/2/7 Martin Kosek <mkosek at redhat.com <mailto:mkosek at redhat.com>>
>
>     On 02/07/2013 08:31 AM, James James wrote:
>      > Thanks Rob. I have one more question. Is it possible to add a
>     field in the ui,
>      > and get the field's value in a custom add user hook script  ?
>      >
>      > James
>
>     I know that Petr Vobornik is already working in better extensibility
>     of the UI,
>     but that would be available in future releases. Petr, do you have
>     any advice
>     for James for current release?
>
>      >
>      >
>      > 2013/2/7 Rob Crittenden <rcritten at redhat.com
>     <mailto:rcritten at redhat.com> <mailto:rcritten at redhat.com
>     <mailto:rcritten at redhat.com>>>
>      >
>      >     James James wrote:
>      >
>      >         Can somebody gives me some help to set
>     krbPrincipalExpiration from the
>      >         freeipa ui ?
>      >
>      >
>      >     You can't set this in the web UI.
>
>     Note: You will be able to set it in the CLI/UI when ticket
>     https://fedorahosted.org/freeipa/ticket/3306
>     is fixed.
>
>      >
>      >     You can do it from the command line using ldapmodify with:
>      >
>      >     $ ldapmodify -x -D 'cn=Directory Manager' -W
>      >     Enter LDAP Password:
>      >     dn: uid=tuser1,cn=users,cn=__accounts,dc=example,dc=com
>      >     changetype: modify
>      >     replace: krbPasswordExpiration
>      >     krbPasswordExpiration: 20200508032114Z
>      >
>      >     ^D
>
>     This would change password expiration attribute. So for account
>     expiration, you
>     would just need to replace krbPasswordExpiration modification above with
>     krbPrincipalExpiration.
>
>     Martin
>
>

More information about the Freeipa-users mailing list