diff --git a/include/management/snapshot/class_SnapshotHandler.inc b/include/management/snapshot/class_SnapshotHandler.inc
index 371671ca92dabc6c226e32935d4140f93cee3e19..aa6119552269f61c55126c8d472e784c0a3af9b7 100644
--- a/include/management/snapshot/class_SnapshotHandler.inc
+++ b/include/management/snapshot/class_SnapshotHandler.inc
@@ -284,6 +284,48 @@ class SnapshotHandler
     logging::log('snapshot', 'create', $new_dn, array_keys($target), $ldap->get_error());
   }
 
+  // function verifing the configuration retention for snapshots.
+  // Remove snapshots from the user if retention rules approves.
+  public function verifySnapshotRetention (string $dn) : void
+  {
+    global $config;
+
+    $snapMinRetention  = $config->current['SNAPSHOTMINRETENTION'];
+    $snapRetentionDays = $config->current['SNAPSHOTRETENTIONDAYS'];
+
+    // calculate the epoch date on which snaps can be delete.
+    $todayMinusRetention = time() - ($snapRetentionDays * 24 * 60 * 60);
+    $snapDateToDelete = strtotime(date('Y-m-d H:i:s', $todayMinusRetention));
+
+    $dnSnapshotsList = $this->getSnapshots($dn, TRUE);
+    $snapToDelete = [];
+    $snapCount = 0;
+
+    if (isset($dnSnapshotsList) && !empty($dnSnapshotsList)) {
+      foreach ($dnSnapshotsList as $snap) {
+        $snapCount += 1;
+        // let's keep seconds instead of nanosecs
+        $snapEpoch = preg_split('/-/', $snap['gosaSnapshotTimestamp'][0]);
+        if ($snapEpoch[0] < $snapDateToDelete) {
+          $snapToDelete[] = $snap['dn'];
+        }
+      }
+    }
+
+    // The not empty is not mandatory but is more ressource friendly
+    if (!empty($snapToDelete) && ($snapCount > $snapMinRetention)) {
+      $snapToKeep = $snapCount - $snapMinRetention;
+      // Sort snapToDelete by old first DN timestamp is the only thing different.
+      sort($snapToDelete);
+      for ($i = 0; $i < $snapToKeep; $i++) {
+        // not empty required because array keeps on being iterated even if NULL object.
+        if (!empty($snapToDelete[$i])) {
+          $this->removeSnapshot($snapToDelete[$i]);
+        }
+      }
+    }
+  }
+
   /*!
    * \brief Remove a snapshot
    *
@@ -291,6 +333,7 @@ class SnapshotHandler
    */
   function removeSnapshot ($dn)
   {
+    error_log($dn);
     global $config;
     $ldap = $config->get_ldap_link();
     $ldap->cd($config->current['BASE']);
diff --git a/plugins/personal/generic/class_user.inc b/plugins/personal/generic/class_user.inc
index 63bce787703a5905df0c6494e22cc39f422aaab1..08f4f2053bf3fe8230c6e64064b54c325b369f20 100644
--- a/plugins/personal/generic/class_user.inc
+++ b/plugins/personal/generic/class_user.inc
@@ -400,9 +400,9 @@ class user extends simplePlugin
   {
     $snapshotHandler = new SnapshotHandler();
     $snapshotHandler->createSnapshot($this->dn, 'automatic snapshot', 'USER', 'FD');
+    $snapshotHandler->verifySnapshotRetention($this->dn);
   }
 
-
   function adapt_from_template (array $attrs, array $skip = [])
   {
     if ($this->uid != '') {