[389-users] Howto determine the last time an account was bound?

Ryan Braun [ADS] ryan.braun at ec.gc.ca
Tue Mar 2 16:22:02 UTC 2010


On March 2, 2010 03:18:43 pm Rich Megginson wrote:
> Ryan Braun [ADS] wrote:
> > Is there an operational attribute or some other way to determine when the
> > last time an account was used to bind to the server (or any server in a
> > MMR setup).  Basically looking to find out the last time an account
> > performed a bind operation to test for account inactivity.
>
> No, but there is a proposal to add something like that -
> http://directory.fedoraproject.org/wiki/Account_Policy_Design

Yeah, looks like what I'm after in that document is the loginTimestamp
attribute. Most of our account maintenance would be done from cron and Perl,
with PAM checking the shadow attributes for account/password expiry
information. I just need a way to do a nightly audit for accounts that
haven't been used in X days.

Any idea on when that might get implemented? (loaded question I know :) )

>
> > Also, is there a list of the available operational attributes anywhere?
>
> grep -i operation /etc/dirsrv/schema/*

Nice tip,  thanks Rich.


Ryan Braun
Aviation and Defence Services Division 
Chief Information Officer Branch, Environment Canada
CIV: 204-833-2500x2625 CSN: 257-2625 FAX: 204-833-2558
E-Mail: Ryan.Braun at ec.gc.ca
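
Added example, not part of the original message or of 389 Directory Server: a sketch of the nightly inactivity audit described above, run over an LDIF export. It assumes the proposed loginTimestamp attribute holds a GeneralizedTime value in the UTC "Z" form; the function names and the sample entries are constructed for illustration.

```python
import base64
from datetime import datetime, timedelta, timezone

# Constructed sample data: one recent bind, one old bind with a folded DN,
# and one base64-encoded DN that has no timestamp at all.
CAROL_DN = base64.b64encode(b"uid=carol,ou=People,dc=example,dc=com").decode()
SAMPLE_LDIF = (
    "dn: uid=alice,ou=People,dc=example,dc=com\n"
    "loginTimestamp: 20100301120000Z\n"
    "\n"
    "dn: uid=bob,ou=People,dc=exam\n"
    " ple,dc=com\n"
    "loginTimestamp: 20091115083000Z\n"
    "\n"
    "dn:: " + CAROL_DN + "\n"
    "uid: carol\n"
)

def parse_ldif(text):
    """Yield one {attribute: [values]} dict per entry, keys lowercased."""
    # RFC 2849: a line starting with one space continues the previous line.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: value" is base64-encoded
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(attr.lower(), []).append(value.strip())
        if "dn" in entry:
            yield entry

def parse_generalized_time(value):
    """Parse YYYYmmddHHMMSSZ (assumed format); other forms raise ValueError."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def inactive_accounts(ldif_text, max_idle_days, now, attr="loginTimestamp"):
    """Return (dn, last_bind) pairs; last_bind is None if never recorded."""
    cutoff = now - timedelta(days=max_idle_days)
    stale = []
    for entry in parse_ldif(ldif_text):
        stamps = [parse_generalized_time(v) for v in entry.get(attr.lower(), [])]
        last = max(stamps) if stamps else None
        if last is None or last < cutoff:
            stale.append((entry["dn"][0], last))
    return stale
```

Entries with no timestamp come back with `None` so the audit can report them separately from accounts whose last recorded bind is simply old.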


