Bug 2174161 - [RFE] Required to support both at a same time account inactivity and expiration.
Summary: [RFE] Required to support both at a same time account inactivity and expiration.
Keywords:
Status: ON_QA
Alias: None
Product: Red Hat Directory Server
Classification: Red Hat
Component: 389-ds-base
Version: 11.0
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: DS12.3
: dirsrv-12.3
Assignee: mreynolds
QA Contact: LDAP QA Team
Mugdha Soni
URL:
Whiteboard: sync-to-jira
: 2174160 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-02-28 18:38 UTC by Danish Shaikh
Modified: 2023-08-09 09:39 UTC (History)
11 users (show)

Fixed In Version: redhat-ds-12-9030020230711000312-1674d57
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker IDMDS-2947 0 None None None 2023-04-17 17:15:57 UTC
Red Hat Issue Tracker IDMDS-3521 0 None None None 2023-08-09 09:39:17 UTC

Description Danish Shaikh 2023-02-28 18:38:02 UTC 
Description of problem:

when creating Account Policy plug-in configuration entry stateAttrName can be either lastLoginTime or createTimestamp.

As a part of customer security compliancy, we are required to support both account inactivity and expiration. This is an urgent requirement which we are trying to realise through RHDS.



Version-Release number of selected component (if applicable):

RHDS 11.


How reproducible:

20.10.2. Account Inactivity and Account Expiration
https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/account-policy-plugin


Actual results:

- The alternate attribute  option is a fallback when the primary attribute does not exist.

- You can set a secondary attribute in altStateAttrName, that is checked if the primary one defined in stateAttrName does not exist"



Expected results:

As a part of customer security compliance, we are required to support both account inactivity and expiration. 


Additional info:
Comment 2 mreynolds 2023-03-29 14:52:46 UTC 
*** Bug 2174160 has been marked as a duplicate of this bug. ***
Comment 6 mreynolds 2023-05-02 16:57:31 UTC 
Upstream ticket:

https://github.com/389ds/389-ds-base/issues/5749
Comment 7 mreynolds 2023-05-02 17:51:42 UTC 
Design Doc:

https://www.port389.org/docs/389ds/design/account-policy-inactivity-and-expiration-design.html
Note You need to log in before you can comment on or make changes to this bug.