LOCALE_PATHS is set to
/var/lib/authentic2/locale:<project>/authentic2/locale and new entries
can be prepended through the environment variable LOCALE_PATHS.
This command takes one required argument the number of days before
deleting an account. Accounts not logged since this number of days are
sent an email using templates,
authentic2/unused_account_delete_subject.txt and
authentic2/unused_account_delete_body.txt and are deleted using the
DeletedUser model, to allow for mass deletion and actions on deletion.
The template receives two variable: user and the days threshold.
The --alert-thresholds parameter allow to set threshold in days after
which accounts will receive an alert email warning people of the future
deletion of their account. Alert thresholds are given as a comma
separated list of days count, each days count must be inferior to the
delete threshold. The mail templates are
authentic2/unused_account_alert_subject.txt and
authentic2/unused_account_alert_body.txt. The template receives three
variable: user, the current alert threshold and the remaining days
before reaching the delete threshold.
You can limit cleaning to only some kind of accounts using the --filter
option, for example --filter groups__name="Online registration" will
limit the cleaning to accounts in the "Online registration" group.
The --fake option will only print actions done and will not send emails
or delete accounts.
The --period option is the number of days between two runs of the
clean-unused-accounts command, it defaults to one day.
The external_id template can be specified using external_id_tuples. Each
tuple list the attributes to concatenante to build the external id.
Attributes are urlencode then joined using a space character. If you add
the ':unquote' suffix to an attribute name it will not be urlencoded,
but you must be sure it's always an ASCII string without any space.
The new setting clean_external_id_on_update indicate to clean all other
existing external id for an user after linking the user to an external
id.
All use of UserExternalId is supported by the default configuration of:
external_id_tuples=(('dn:unquote',),),
to migrate to a new way of building the external id just define:
external_id_tuple=(('my', 'new', 'tuple), ('dn:unquote',)),
The first tuple is used to canonicalize the external id of a found or
newly created user. The other tuples are only used to lookup existing
users, so that you can safely migrate from an old way of building the
external_id to a new one.
On AD the following configuration gives a permanent external id:
external_id_tuple=(('objectGUID',),)
On OpenLDAP:
external_id_tuple=(('entryUUID',),)
Benjamin Dauvergne
Jérôme Schneider
Frédéric Péters