Hi Eugen, okay, another option will be to define Local Account Policy for the users you want to be locked after the expiration.
Check out this setup for Local Account Policy (CoS configuration): https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html-single/administration_guide/index#account-policy-plugin-config And then, use the settings from this chapter to disable the user account after the expiration: https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html-single/administration_guide/index#disabling-accounts-a-certain-amount-of-time-after-password-expiry Sincerely, Simon On Thu, Sep 17, 2020 at 8:17 AM Eugen Lamers <eugen.lam...@br-automation.com> wrote: > Hi Simon, > > thanx for your help. But it is rather the other way round: The customer > already has the policy for special users that must not be forced to change > the password. In addition, the customer now wants "normal" users to be > completely locked out when the password has expired, only administrators > may then be able to change the user's password and enable the user's login. > > Eugen > _______________________________________________ > 389-users mailing list -- 389-users@lists.fedoraproject.org > To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org >
_______________________________________________ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org