Locking accounts after X days without logging in

During an internal security review of Pydio, we were asked if Pydio can lock accounts that have not been used for a specific number of days.

We are using Pydio 8.0.2 Community Edition.

Any ideas on how to do that?

I’m guessing that if we can track the account last login date (and create date, in case an account was created but never used), a cron job could check each account and lock them if “current_date > (last_login_date + max_inactivity_days)”.

Please advise.

In the ajxp_log table you have events like create_user and log in with their time stamp
in the ajxp_users table there is a field named password
It’s really tricky to disable an user using a scheduled cron job

Thanks @romoloman !

I’ll take a look at this over the next few days. I’ll post back with my findings.