On May 29, 2015, at 8:27 AM, Jeremy Ravel <Jeremy.Ravel@etu.univ-savoie.fr> wrote:
When I create an user, i want to be able to put a date when this user will be able to logon I added this in the file dictionnary ATTRIBUTE Date 3003 string
That defines an attribute name, and a data type. You want it to have data type "date", not "string". You should give it a more descriptive name, like "Account-Start-Date". That makes policies easier to understand.
And i want to compare this date with the current date, but i think i have to add sql request to get this, can i do my query in the police.conf file ?
Yes. But you can't just say "use SQL". You have to understand the process. Where are the user credentials stored? i.e. name, password, etc. SQL? If so, put the Account-Start-Date attribute in SQL, along with the other user information. Use the ":=" operator to set the value of the attribute. And give it a value which is a date. Then in your policy (which has to run AFTER the sql module), compare the attributes. In v2: if (Account-Start-Date < "%{Current-Time}") { reject } Alan DeKok.