#48908 Allow account policy plugin to disable accounts without being triggered by a bind
Closed: wontfix 3 years ago by spichugi. Opened 7 years ago by nkinder.

The account policy plugin allows for an account to be disabled if it has not been active for a configurable period of time. It does this by recording the last login time, then comparing it against the threshold when a user performs a bind. If it has been too long, we then reject the bind and disable the user.

Certain environments have compliance requirements for inactive account deactivation, but this needs to happen automatically without being triggered by a failed attempt. This allows for proper auditing of inactive accounts.

The account policy plugin could be modified to use the event queue SLAPI API to trigger a callback that looks for inactive accounts, which it can then disable. The event frequency/schedule should be configurable in the account policy plugin configuration.


Note: needs more design work

Metadata Update from @nhosoi:
- Issue set to the milestone: 1.3.6 backlog

7 years ago

Metadata Update from @mreynolds:
- Issue close_status updated to: None
- Issue set to the milestone: 1.4 backlog (was: 1.3.6 backlog)

6 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/1967

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

3 years ago

Login to comment on this ticket.

Metadata