Hello,
We have recently setup a new 389 directory server.
One of our problems is to maintain user's accounts. Once we find proposed accounts for deletion i.e user has retired etc, we want to sent him an email, inform him that his account will be inactive in 30 days. Once 30 days are gone, then the account is disabled, for another 30 days and then removed.
Are there any plugins that can help us to achieve the above scenario, whole or partially?
Thank you in advance
Maria
On Mon, 2018-02-26 at 14:36 +0200, Maria Tsiolakki wrote:
Hello, We have recently setup a new 389 directory server. One of our problems is to maintain user's accounts. Once we find proposed accounts for deletion i.e user has retired etc, we want to sent him an email, inform him that his account will be inactive in 30 days. Once 30 days are gone, then the account is disabled, for another 30 days and then removed. Are there any plugins that can help us to achieve the above scenario, whole or partially? Thank you in advance
Sadly, this functionality doesn't exist today.
You could write an external tool that runs on a schedule and checks the objects inactive time (I can't remember the attribute name sorry), and that could run the notification process.
We already have the process internally for automatic inactivation, so I think you just need the notification step.
It's not a good idea to "remove" the account because you want to prevent UID reuse.
Imagine you have "admin" with uidnumber = 1000. You delete this, and you get a new user and you reuse uidnumber = 1000. Now your new user can access the old resources of "admin" ...
So it's better to just disable them and leave them there to prevent security risks of reuse of uidnumber and uid.
Hope that helps!
Maria
389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.o rg
Hello,
Many thanks for your reply.
Could you please explain further , when you say "We already have the process internally for automatic inactivation"
thank you
Maria
On 27/2/2018 2:25 πμ, William Brown wrote:
On Mon, 2018-02-26 at 14:36 +0200, Maria Tsiolakki wrote:
Hello, We have recently setup a new 389 directory server. One of our problems is to maintain user's accounts. Once we find proposed accounts for deletion i.e user has retired etc, we want to sent him an email, inform him that his account will be inactive in 30 days. Once 30 days are gone, then the account is disabled, for another 30 days and then removed. Are there any plugins that can help us to achieve the above scenario, whole or partially? Thank you in advance
Sadly, this functionality doesn't exist today.
You could write an external tool that runs on a schedule and checks the objects inactive time (I can't remember the attribute name sorry), and that could run the notification process.
We already have the process internally for automatic inactivation, so I think you just need the notification step.
It's not a good idea to "remove" the account because you want to prevent UID reuse.
Imagine you have "admin" with uidnumber = 1000. You delete this, and you get a new user and you reuse uidnumber = 1000. Now your new user can access the old resources of "admin" ...
So it's better to just disable them and leave them there to prevent security risks of reuse of uidnumber and uid.
Hope that helps!
Maria
389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-leave@lists.fedoraproject.o rg
389-users@lists.fedoraproject.org