Hello, is there a way in FreeIPA to access LDAP fields which are not normally accessible, such as createTimeStamp? Many thanks.
On Fri, 09 Dec 2022, None via FreeIPA-users wrote:
> Hello, is there a way in FreeIPA to access LDAP fields which are not normally accessible, such as createTimeStamp?

This specific operational LDAP attribute is not accessible over the IPA API. Could you please explain what you are trying to achieve, in more detail?
P.S. Please also configure your identity so that there is a real name, not 'None' in the emails.
Hi Alexander,
I’m sorry, but I’m not sure how to configure my identity so that my email address appears.
In the company I’m working for, FreeIPA is used to create accounts to access Hue, Zeppelin, and other software. I was wondering if there were a way to retrieve account-creation dates with IPA, for, say, inventory purposes. For instance, say n accounts were created 10 years ago, but aren’t used anymore. Then, you might decide to disable them.
On Fri, 09 Dec 2022, Philippe de Rochambeau wrote:
> Hi Alexander,
> I’m sorry, but I’m not sure how to configure my identity so that my email address appears.
> In the company I’m working for, FreeIPA is used to create accounts to access Hue, Zeppelin, and other software. I was wondering if there were a way to retrieve account-creation dates with IPA, for, say, inventory purposes. For instance, say n accounts were created 10 years ago, but aren’t used anymore. Then, you might decide to disable them.

If you want to achieve that, running an LDAP query directly would be as good. I suppose it would be a periodic job run non-interactively, so you really ought to look into

krbLastSuccessfulAuth
krbPrincipalExpiration

which are both accessible via the IPA API as well.

creatorTimestamp is good to look up in LDAP but it might not be the right value. It is certainly not an indication of the activity.
-- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland
freeipa-users@lists.fedorahosted.org
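
Added example, not written by anyone in the thread: the periodic inventory job discussed above, run over constructed LDIF-style search output, using the last successful authentication and principal expiration first and the creation time only as a fallback. It assumes the LDAP search explicitly requested createTimestamp together with krbLastSuccessfulAuth and krbPrincipalExpiration; the function names, sample entries and the 365-day threshold are illustrative assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: LDIF-style result of a search that explicitly asked for
# createTimestamp (operational) plus the two Kerberos attributes.
SAMPLE_LDIF = """\
dn: uid=alice,cn=users,cn=accounts,dc=example,dc=test
uid: alice
createTimestamp: 20121203101500Z
krbLastSuccessfulAuth: 20221201083000Z

dn: uid=bob,cn=users,cn=accounts,dc=example,dc=test
uid: bob
createTimestamp: 20121203101500Z
krbLastSuccessfulAuth: 20150610120000Z

dn: uid=carol,cn=users,cn=accounts,dc=example,dc=test
uid: carol
createTimestamp: 20130115090000Z

dn: uid=dave,cn=users,cn=accounts,dc=example,dc=test
uid: dave
createTimestamp: 20221120090000Z
krbPrincipalExpiration: 20221130000000Z
"""

def parse_time(value):
    """Parse the GeneralizedTime form used here (YYYYmmddHHMMSSZ, UTC)."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def parse_entries(ldif):
    """Split simple, unfolded LDIF into one {attribute: value} dict per entry."""
    return [dict(line.split(": ", 1) for line in block.splitlines())
            for block in ldif.strip().split("\n\n")]

def review_candidates(ldif, now, max_idle_days=365):
    """Return {uid: reason} for accounts worth a manual review."""
    cutoff = now - timedelta(days=max_idle_days)
    flagged = {}
    for e in parse_entries(ldif):
        last = e.get("krbLastSuccessfulAuth")
        expiry = e.get("krbPrincipalExpiration")
        if expiry and parse_time(expiry) < now:
            flagged[e["uid"]] = "principal expired"
        elif last and parse_time(last) < cutoff:
            flagged[e["uid"]] = "idle since " + last
        elif not last and parse_time(e["createTimestamp"]) < cutoff:
            # No recorded login is not proof of inactivity; age only ranks it.
            flagged[e["uid"]] = "old, no recorded login"
    return flagged
```

The result is a review list, not a disable list: an entry without krbLastSuccessfulAuth may simply not have had that attribute recorded on the server queried.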