Question for time based group membership in FL 2016

Kees van Vloten keesvanvloten at gmail.com
Fri Feb 2 09:39:00 UTC 2024


On 02-02-2024 09:44, Stefan Kania via samba-technical wrote:
> Hi Kees,
>
> I will take a look at it, maybe I can get some input from it :-). My 
> problem is not to set an attribute an a conjob to find users and 
> remove them from a group. That's something I managed already I added a 
> new attribute to cn=user put the time in unix-format + 3600  in this 
> attribute and check with a conjob every 5 minutes. If time expires I 
> remove the user from the group. BUT the DCs are located in different 
> timezone, that's the point where it geting tricky :-)
Why don't you use LDAP time?

That is the same everywhere (and more logical to use in an ldap 
attribute) and it's not too hard to convert it to unix-time:

unix_timestamp=($ldap_timestamp/10000000)-11644473600

- Kees.

> Stefan
>
> Am 01.02.24 um 22:16 schrieb Kees van Vloten via samba-technical:
>>
>> I have created a kind similar implementation called auto-lock, where 
>> (admin-)users that member of the "autolock" group automatically get 
>> disabled at midnight every day 
>> (https://github.com/kvvloten/samba_integrations/tree/main/domain_controller/manage_scripts#disable-special-users-daily)
>



More information about the samba-technical mailing list