> I could have a script check for expirations and flip the accountStatus
> to Disabled. That would be OK, and help enforce our policy here.

You should not. Because if you disable an account, it stops receiving
email. What I mean is: qmail-local will not deliver if account is not
enabled.

> But where do you suggest storing this expiration date? I'm not smart
> enough about LDAP schema to know where to put this. While I
> understand that LDAP entries get a date/time-stamp of their last
> update, it seems this applies to the entire entry, not just a single
> attribute like userPassword.

Expiration date is part of the shadowAccount objectClass, it is the
attribute named shadowExpire. If you mean to control expiration date for
passwords, you better use shadowAccount, which has a number of fields
designed to add security to posixAccount. In fact, they are mirrors for
/etc/passwd (posixAccount) and /etc/shadow (shadowAccount).

The BIG difficulty with that is to gather a tool to change your LDAP
userPassword that works with shadowAccount attributes. You know, that
kind of tool MUST be used in a browser, to be effective.

-- 
Bye,
Fernando Maciel Souto Maior
[EMAIL PROTECTED]
http://www.araujo.com.br
+55+31 3270-5886
LPIC/1 # 31908
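An added example, not part of the original message: a report-only check that classifies entries by the shadowAccount attributes named above (shadowExpire, plus shadowLastChange, shadowMax and shadowWarning from the same objectClass) and leaves accountStatus untouched. The sample LDIF, the function names and the status labels are constructed for illustration; the comparisons follow the /etc/shadow convention of counting days since 1970-01-01.

```python
from datetime import date

EPOCH = date(1970, 1, 1)
# Constructed sample entries (not from the original thread), plain unfolded LDIF.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
objectClass: shadowAccount
uid: alice
shadowLastChange: 19000
shadowMax: 90
shadowWarning: 7

dn: uid=bob,ou=people,dc=example,dc=org
objectClass: shadowAccount
uid: bob
shadowLastChange: 19080
shadowMax: 90
shadowExpire: 19100

dn: uid=carol,ou=people,dc=example,dc=org
objectClass: posixAccount
uid: carol
"""

def parse_ldif(text):
    """Parse simple LDIF (no folding, no base64) into {attr: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def shadow_status(entry, today):
    """Classify one entry; every shadow* value is a count of days."""
    def num(attr):
        values = entry.get(attr.lower())
        return int(values[0]) if values else None
    now = (today - EPOCH).days
    expire, last, mx, warn = (num(a) for a in (
        "shadowExpire", "shadowLastChange", "shadowMax", "shadowWarning"))
    if expire is not None and expire >= 0 and now >= expire:
        return "account-expired"          # shadowExpire date reached
    if last is not None and mx is not None and mx >= 0:
        if now > last + mx:
            return "password-expired"     # older than shadowMax days
        if warn and now >= last + mx - warn:
            return "password-warning"     # inside the shadowWarning window
    return "ok"                           # no shadow data or nothing due

def report(text, today):
    """Map uid -> status without modifying any entry."""
    return {e["uid"][0]: shadow_status(e, today) for e in parse_ldif(text)}
```

Feeding it the output of an LDAP search instead of SAMPLE_LDIF gives a list of accounts to notify, while mail delivery continues because accountStatus is never changed.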