Overview [1]#

Disable-accounts-after-inactivity is a DirXML-Rule which can help with Account Inactivity policy enforcement.

If your desire is to expire accounts after some value of inactivity, we thought this was a cool idea on how you could.

When a user performs a login, the Login Time attribute is set. Using this as an event you can then set the Login Expiration Time attribute which will prevent the user from performing a login.

Policy:

<rule>
	<description>EXPIRE-AFTER-INACTIVE-DAYS</description>
	<conditions>
		<and>
			<if-op-attr name="Login Time" op="changing"/>
		</and>
	</conditions>
	<actions>
		<do-trace-message>
			<arg-string>
				<token-text xml:space="preserve">Logins will expire for this user on: </token-text>
				<token-convert-time dest-format="!FULL.DATETIME" dest-tz="UTC" offset="$EXPIRE-AFTER-INACTIVE-DAYS$" offset-unit="day" src-format="!CTIME" src-tz="UTC">
					<token-op-attr name="Login Time"/>
				</token-convert-time>
			</arg-string>
		</do-trace-message>
		<do-set-dest-attr-value name="Login Expiration Time">
			<arg-value type="time">
				<token-convert-time dest-format="!CTIME" dest-tz="UTC" offset="$EXPIRE-AFTER-INACTIVE-DAYS$" offset-unit="day" src-format="!CTIME" src-tz="UTC">
					<token-op-attr name="Login Time"/>
				</token-convert-time>
			</arg-value>
		</do-set-dest-attr-value>
	</actions>
</rule>

More Information #

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-7) was last changed on 24-Aug-2016 12:28 by jim