PingDirectory

Configuring the Purge Expired Data plugin for expired entries

About this task

Use the Purge Expired Data plugin to delete all unverified account entries that have not been accessed in the past eight weeks. The is useful for the following scenarios:

  • Accounts that potential customers started to create through an application’s registration process but then did not complete.

  • The phone number or email address that was provided during registration was not verified and should be allowed to be used by another account.

Steps

  1. If necessary, enable the Last Access Time plugin:

    The server can track the last access time automatically in the ds-last-access-time attribute by enabling the Last Access Time plugin.

    Example:

    $ bin/dsconfig set-plugin-prop \
      --plugin-name "Last Access Time" \
      --set enabled:true
  2. To determine expiration order, create an index on the date attribute.

    The Purge Expired Data plugin requires the date attribute that is used to determine expiration to be indexed for ordering.

    Example:

    $ bin/dsconfig create-local-db-index \
      --backend-name userRoot \
      --index-name ds-last-access-time \
      --set index-type:ordering
  3. If there is data present in the directory, rebuild the index.

    Example:

    $ bin/rebuild-index \
      --baseDN dc=example,dc=com \
      --index ds-last-access-time
  4. Create the plugin that purges account entries objectclass=account that are not verified.

    Example:

    The following example purges account entries verified=false after eight weeks of inactivity.

    $ bin/dsconfig create-plugin \
      --plugin-name "Purge Old Unvalidated Accounts" \
      --type purge-expired-data \
      --set enabled:true \
      --set datetime-attribute:ds-last-access-time \
      --set "expiration-offset:8 w" \
      --set "filter:(&(objectClass=account)(verified=false))"