Description of problem:
Define an account policy to track login times and lock accounts due to inactivity.
As we see in documentation, the only way to activate an account which has been inactivated by inactivity is to delete the lastlogintime attribute:
"Accounts which are inactivated through the Account Policy Plug-in cannot be managed with the tools that are used to manage lockouts that are set manually by the administrator (ns-activate.pl) or through the password policy. If an account is locked because it reached the inactivity limit, it can be reactivated by removing the lastLoginTime operational attribute from the entry."
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10/html/ Administration_Guide/account-policy-plugin.html#account-policy-plugin-syntax
The issue is that this has to be done by Administrator and the only way to detect an account is locked, is to query the assigned policy of the entry to find the inactiviy limit and do the calculation against the lastlogintime, exactly as the server is calculating at user BIND time.
RFE: enhance ns-accountstatus.pl to be able to recognize an account must be re-activated.
There is also a request to provide more information in account status:
{{{ Entry Created Date Entry Modified Date User is locked - Yes/No User is Deactivated - Yes/No }}}
attachment 0001-Ticket-48269-RFE-need-an-easy-way-to-detect-locked-a.patch
I think the only change I would say is on the CLI help:
{-I DN | [-b basedn -f filter -s scope]}
Should be:
{-I DN | -b basedn -f filter [-s scope]}
As only the scope is optional.
Otherwise, works for me, and with that doc change, you have my ack.
Replying to [comment:6 firstyear]:
I think the only change I would say is on the CLI help: {-I DN | [-b basedn -f filter -s scope]} Should be: {-I DN | -b basedn -f filter [-s scope]} As only the scope is optional. Otherwise, works for me, and with that doc change, you have my ack.
Done, and I also updated the man page:
e033d4b..9795ec8 master -> master commit 9795ec8 Author: Mark Reynolds mreynolds@redhat.com Date: Mon Feb 8 10:52:48 2016 -0500
attachment 0001-Ticket-48269-ns-accountstatus-status-message-improve.patch
9c310b0..7b7d22c master -> master commit 7b7d22c Author: Mark Reynolds mreynolds@redhat.com Date: Tue May 3 15:51:51 2016 -0400
Metadata Update from @mreynolds: - Issue assigned to mreynolds - Issue set to the milestone: 1.3.5.0
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/1600
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)
Login to comment on this ticket.