On 06/08/2011 03:59 PM, brandon wrote:
After having searched a bit, I think I know the answer. However, I am
asking the question in hopes that people may know of a project or effort
underway that I can dig into.
We have a requirement to record user activity (or more notably
inactivity). This is separate from password expiration. If an account
is inactive for X days, it must be auto-disabled. Since we are using a
directory server across hundreds of systems, the only way to do this is
in the directory.
Is there a schema option in 389-ds to support this, and concurrently a
pam module or extension to pam_ldap that supports it?
http://directory.fedoraproject.org/wiki/Account_Policy_Design
Ideally, pam_ldap would just have an option 'lastlog on' that would just
update the attribute on the user's object.
If there are not even any efforts to this end, I'll probably just hack
up something and put it into the .profile, but I was hoping to hedge off
of something else...
Thanks,
-Brandon
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users