lune voo wrote:
It can be pretty intensive, for the master, you mean ?
Intensive for all masters. If you run it on all users then every master
will be queried # of users times, minimum. Just run it at a quiet time
and (e.g. middle of the night) and it should be fine.
I would like to avoid that but I am very interested to determine the
users who are inactive.
Ipa user find needs to be performed on each master I have ?
Just once to obtain the list of all users to query.
ipa user-find --pkey-only
Depending on the number of users you can pipe this into greps/awks/etc
to just pull out the login names. Iterate over that calling ipa user-status.
rob
Best regards.
Lune.
Le mar. 20 août 2019 à 20:44, Rob Crittenden <rcritten(a)redhat.com
<mailto:rcritten@redhat.com>> a écrit :
lune voo via FreeIPA-users wrote:
> Hey guys !
>
> And if we want to do that for all the users ?
>
> Is it better to use an ipa user-find --sizelimit=2000 --all with a
grep
> of is there another solution more appropriate ?
It's not really the same thing. user-status polls each IPA Master to
determine the lockout status which also conveniently for you includes
the last successful and failed login attempts. user-find won't do this.
You could use user-find to find all the login names and then iterate a
user-status on them but be aware that this could be pretty intensive.
rob
>
> Thank you in advance for your help.
>
> Best regards.
>
> Lune.
>
> Le ven. 16 août 2019 à 14:14, Rob Crittenden via FreeIPA-users
> <freeipa-users(a)lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
> <mailto:freeipa-users@lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>>> a écrit :
>
> Arpit Tolani via FreeIPA-users wrote:
> > It is never synced across masters, Check this on all servers.
> >
> > ipa user-show --all --raw <user> | grep krbLastSuccessfulAuth
>
> ipa user-status <user> will do this.
>
> rob
>
> >
> >
> >
> > On Fri, Aug 16, 2019 at 3:12 PM Boyd Ako via FreeIPA-users
> > <freeipa-users(a)lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
> <mailto:freeipa-users@lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>>
> > <mailto:freeipa-users@lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
> <mailto:freeipa-users@lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>>>> wrote:
> >
> > Is there any way to check when a user has last logged
into any of
> > the systems? I've tried `ipa user-show`, but the "Last
Successful
> > Authentication" is N/A.
> > _______________________________________________
> > FreeIPA-users mailing list --
> freeipa-users(a)lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
> <mailto:freeipa-users@lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>>
> > <mailto:freeipa-users@lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
> <mailto:freeipa-users@lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>>>
> > To unsubscribe send an email to
> > freeipa-users-leave(a)lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>
> <mailto:freeipa-users-leave@lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>>
> > <mailto:freeipa-users-leave@lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>
> <mailto:freeipa-users-leave@lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>>>
> > Fedora Code of Conduct:
> >
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > List Guidelines:
> https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
> >
>
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> >
> >
> >
> > --
> > Thanks & Regards
> > Arpit Tolani
> >
> >
> >
> > _______________________________________________
> > FreeIPA-users mailing list --
> freeipa-users(a)lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
> <mailto:freeipa-users@lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>>
> > To unsubscribe send an email to
> freeipa-users-leave(a)lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>
> <mailto:freeipa-users-leave@lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>>
> > Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > List Guidelines:
> https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
>
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> >
> _______________________________________________
> FreeIPA-users mailing list --
freeipa-users(a)lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
> <mailto:freeipa-users@lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>>
> To unsubscribe send an email to
> freeipa-users-leave(a)lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>
> <mailto:freeipa-users-leave@lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>>
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
>
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
>
>
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
> To unsubscribe send an email to
freeipa-users-leave(a)lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
>