Question for time based group membership in FL 2016
Kees van Vloten
keesvanvloten at gmail.com
Fri Feb 2 09:39:00 UTC 2024
On 02-02-2024 09:44, Stefan Kania via samba-technical wrote:
> Hi Kees,
>
> I will take a look at it, maybe I can get some input from it :-). My
> problem is not to set an attribute an a conjob to find users and
> remove them from a group. That's something I managed already I added a
> new attribute to cn=user put the time in unix-format + 3600 in this
> attribute and check with a conjob every 5 minutes. If time expires I
> remove the user from the group. BUT the DCs are located in different
> timezone, that's the point where it geting tricky :-)
Why don't you use LDAP time?
That is the same everywhere (and more logical to use in an ldap
attribute) and it's not too hard to convert it to unix-time:
unix_timestamp=($ldap_timestamp/10000000)-11644473600
- Kees.
> Stefan
>
> Am 01.02.24 um 22:16 schrieb Kees van Vloten via samba-technical:
>>
>> I have created a kind similar implementation called auto-lock, where
>> (admin-)users that member of the "autolock" group automatically get
>> disabled at midnight every day
>> (https://github.com/kvvloten/samba_integrations/tree/main/domain_controller/manage_scripts#disable-special-users-daily)
>
More information about the samba-technical
mailing list