Page created: 6 Nov 2019 |
Page updated: 25 Mar 2020
This example deletes all unverified account entries that have not been accessed in the past eight weeks. They could be accounts that potential customers started to create through an application's registration process, but then did not complete. The phone number or email address that was provided during registration was not verified, and should be allowed to be used by another account. The server can track the last access time automatically in the ds-last-access-time attribute by enabling the Last Access Time plugin.
If necessary, enable the Last Access Time plugin:
$ bin/dsconfig set-plugin-prop \ --plugin-name "Last Access Time" \ --set enabled:true
The Purge Expired Data plugin requires the date attribute that is used to
determine expiration to be indexed for ordering. An index on that attribute
must be created:
$ bin/dsconfig create-local-db-index \ --backend-name userRoot \ --index-name ds-last-access-time \ --set index-type:ordering
If there is data present in the directory, rebuild the index:
$ bin/rebuild-index \ --baseDN dc=example,dc=com \ --index ds-last-access-time
Create the plugin that purges account entries objectclass=account
that are not verified verified=false after eight weeks of inactivity:
$ bin/dsconfig create-plugin \ --plugin-name "Purge Old Unvalidated Accounts" \ --type purge-expired-data \ --set enabled:true \ --set datetime-attribute:ds-last-access-time \ --set "expiration-offset:8 w" \ --set "filter:(&(objectClass=account)(verified=false))"