Most LDAP services provide the option to set an attribute for the password/account expiration date. Being able to embed a script into the User Search Filter field would allow the administrator to deny access to QB based on this field. An example using freeIPA for DS:
This:
(&(uid={0})(objectclass=inetorgperson))
Could Be:
(&(uid={0})(objectclass=inetorgperson)(krbPasswordExpiration>${util.formatDate(new Date(),"%Y%m%d%H%M%SZ")}))
An alternative approach would be to set the account or password expiration date via a helper field, similar to "User full name attribute" and "User email attribute."
Add a new field called "Password Expiration Date Attribute" that would receive "krbPasswordExpiration" in this case or a boolean attribute indicating if the account is locked or not.
Description
Most LDAP services provide the option to set an attribute for the password/account expiration date. Being able to embed a script into the User Search Filter field would allow the administrator to deny access to QB based on this field. An example using freeIPA for DS:
This:
(&(uid={0})(objectclass=inetorgperson))
Could Be:
(&(uid={0})(objectclass=inetorgperson)(krbPasswordExpiration>${util.formatDate(new Date(),"%Y%m%d%H%M%SZ")}))
An alternative approach would be to set the account or password expiration date via a helper field, similar to "User full name attribute" and "User email attribute."
Add a new field called "Password Expiration Date Attribute" that would receive "krbPasswordExpiration" in this case or a boolean attribute indicating if the account is locked or not.
Improvement
Resolved
Minor
allow embedding scripts on LDAP user filter