<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 05/09/2012 08:17 AM, Ali Jawad wrote:
<blockquote
cite="mid:CAG2QdgYoz-w6gmEuon=xSku_=evi7-Tb-W4KYf7PfEU8bQ+-Xg@mail.gmail.com"
type="cite">
<div dir="ltr">Hi
<div>Thanks Rich, just what I was searching for, I am facing a
problem though "ldapmodify: No such object (32) matched DN:
dc=domain,dc=local"at :</div>
<div><br>
</div>
<div>
<pre class="screen" style="line-height:1.29em;font-family:'liberation mono','bitstream vera mono','dejavu mono',monospace;background-color:rgb(245,245,245);border-top-width:1px;border-right-width:1px;border-bottom-width:1px;border-left-width:1px;border-top-style:solid;border-right-style:solid;border-bottom-style:solid;border-left-style:solid;border-top-color:rgb(170,170,170);border-right-color:rgb(170,170,170);border-bottom-color:rgb(170,170,170);border-left-color:rgb(170,170,170);margin-bottom:0.3em;padding-top:0.5em;padding-right:1em;padding-bottom:0.5em;padding-left:1em;white-space:pre-wrap;word-wrap:break-word;font-size:0.9em;border-top-left-radius:11px;border-top-right-radius:11px;border-bottom-right-radius:11px;border-bottom-left-radius:11px">
[user@server ~]$ ldapmodify <strong class="userinput">-a</strong> -D "cn=directory manager" -w secret -p 389 -h <a moz-do-not-send="true" href="http://server.example.com">server.example.com</a> -x
dn: cn=Account Inactivation Policy,dc=example,dc=com
objectClass: top
objectClass: ldapsubentry
objectClass: extensibleObject
<strong class="userinput">objectClass: accountpolicy</strong>
<strong class="userinput">accountInactivityLimit: 2592000</strong>
cn: Account Inactivation Policy</pre>
</div>
<div><br>
</div>
<div>I am doing </div>
<div><br>
</div>
<div>
<div>[root@386-100-16 dirsrv]# ldapmodify -D "cn=directory
manager" -w password -p 389 -h x.x.x.x -x</div>
<div>
<br>
</div>
<div>dn: cn=Account Inactivation Policy,dc=domain,dc=local</div>
<div>objectClass: top</div>
<div>objectClass: ldapsubentry</div>
<div>objectClass: extensibleObject</div>
<div>objectClass: accountpolicy</div>
<div>accountInactivityLimit: 2592000</div>
<div>cn: Account Inactivation Policy</div>
<div>modifying entry "cn=Account Inactivation
Policy,dc=domain,dc=local"</div>
<div><br>
</div>
<div>ldapmodify: No such object (32)</div>
<div> matched DN: dc=domain,dc=local</div>
</div>
</div>
</blockquote>
<br>
Right. You are missing the ldapmodify -a - see the original
instructions<br>
<br>
<blockquote
cite="mid:CAG2QdgYoz-w6gmEuon=xSku_=evi7-Tb-W4KYf7PfEU8bQ+-Xg@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<br>
<div class="gmail_quote">On Wed, May 9, 2012 at 4:47 PM, Rich
Megginson <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>
<div class="h5"> On 05/09/2012 07:45 AM, Ali Jawad
wrote:
<blockquote type="cite">
<div dir="ltr">Hi
<div>I have a requirement to disable inactive
users after 90 days. I did read <a
moz-do-not-send="true"
href="http://directory.fedoraproject.org/wiki/Account_Policy_Design"
target="_blank">http://directory.fedoraproject.org/wiki/Account_Policy_Design</a>
but I am not sure whether this is a
design proposal or the actual implementation. </div>
<div><br>
</div>
<div>My DS version is :</div>
<div><br>
</div>
<div>
<div>rpm -qa | grep 389</div>
<div>389-admin-console-1.1.8-1.el5</div>
<div>389-ds-base-1.2.9.9-1.el5</div>
<div>389-dsgw-1.1.7-2.el5</div>
<div>389-console-1.1.7-3.el5</div>
<div>389-adminutil-1.1.14-1.el5</div>
<div>389-admin-1.1.23-1.el5</div>
<div>389-admin-console-doc-1.1.8-1.el5</div>
<div>389-ds-1.2.1-1.el5</div>
<div>389-ds-base-libs-1.2.9.9-1.el5</div>
<div>389-ds-console-1.2.6-1.el5</div>
<div>389-ds-console-doc-1.2.6-1.el5</div>
</div>
<div>
<div><br>
</div>
I got </div>
<div><br>
</div>
<div>
<div>[root@386-100-16 dirsrv]# ldapsearch -x
-D "cn=Directory manager" -w Password -b
"cn=config" -s base lastLoginTime</div>
<div># extended LDIF</div>
<div>#</div>
<div># LDAPv3</div>
<div># base <cn=config> with scope
baseObject</div>
<div># filter: (objectclass=*)</div>
<div># requesting: lastLoginTime </div>
<div>#</div>
<div><br>
</div>
<div> # config</div>
<div>dn: cn=config</div>
<div><br>
</div>
<div># search result</div>
<div>search: 2</div>
<div>result: 0 Success</div>
<div><br>
</div>
<div># numResponses: 2</div>
<div># numEntries: 1</div>
<div><br>
</div>
<div>and </div>
<div><br>
</div>
<div>
<div>[root@386-100-16 dirsrv]# grep -i
lastlogintime
/etc/dirsrv/slapd-386-100-16/schema/*</div>
<div>/etc/dirsrv/slapd-386-100-16/schema/60acctpolicy.ldif:##
lastLoginTime holds login state in user
entries (GeneralizedTime syntax)</div>
<div>/etc/dirsrv/slapd-386-100-16/schema/60acctpolicy.ldif:attributeTypes:
( 2.16.840.1.113719.1.1.4.1.35 NAME
'lastLoginTime'</div>
</div>
<div><br>
</div>
<div>I am not sure how to implement this
though, please advice.</div>
</div>
</div>
</blockquote>
</div>
</div>
<a moz-do-not-send="true"
href="http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/account-policy-plugin.html"
target="_blank">http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/account-policy-plugin.html</a><br>
<blockquote type="cite">
<div dir="ltr">
<div>
<div><br>
</div>
<div>Regards</div>
<br>
</div>
</div>
<br>
<span class="HOEnZb"><font color="#888888">
<fieldset></fieldset>
<br>
<pre>--
389 users mailing list
<a moz-do-not-send="true" href="mailto:389-users@lists.fedoraproject.org" target="_blank">389-users@lists.fedoraproject.org</a>
<a moz-do-not-send="true" href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></pre>
</font></span></blockquote>
<br>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
<div dir="ltr"><font><font color="#888888"><b>Ali Jawad<br>
</b></font></font>
<div>
<div><font><font color="#888888"><b>Information Systems
Manager</b></font></font></div>
<div><font><font color="#888888"><b>Splendor Telecom <span
style="background-color:rgb(255,255,255)">(</span><span
style="background-color:rgb(51,51,255);color:rgb(51,102,255)"><a
moz-do-not-send="true"
href="http://www.splendor.net/"
target="_blank"><span
style="background-color:rgb(255,255,255)"><font
color="#3366ff">www.splendor.net</font></span></a></span><span
style="background-color:rgb(255,255,255)">)</span><br>
Beirut, Lebanon<br>
Phone: +9611373725/ext 116<br>
FAX: +9611375554</b></font></font></div>
</div>
</div>
<br>
</div>
</div>
</blockquote>
<br>
</body>
</html>