[389-users] Howto determine the last time an account was bound?
Rich Megginson
rmeggins at redhat.com
Tue Mar 2 16:26:42 UTC 2010
Ryan Braun [ADS] wrote:
> On March 2, 2010 03:18:43 pm Rich Megginson wrote:
>
>> Ryan Braun [ADS] wrote:
>>
>>> Is there an operational attribute or some other way to determine when the
>>> last time an account was used to bind to the server (or any server in a
>>> MMR setup). Basically looking to find out the last time an account
>>> performed a bind operation to test for account inactivity.
>>>
>> No, but there is a proposal to add something like that -
>> http://directory.fedoraproject.org/wiki/Account_Policy_Design
>>
>
> Yeah looks like what I'm after in that document is the loginTimestamp
> attribute. Most of our account maintenance would be done from cron and perl,
> with pam checking the shadow attributes for account/password expiry
> information. I just need a way to do a nightly audit for accounts that
> haven't been used in X days.
>
> Any idea on when that might get implemented? (loaded question I know :) )
>
No, but please file a bug/RFE
>
>>> Also, is there list of the available operational attributes anywhere?
>>>
>> grep -i operation /etc/dirsrv/schema/*
>>
>
> Nice tip, thanks Rich.
>
>
> Ryan Braun
> Aviation and Defence Services Division
> Chief Information Officer Branch, Environment Canada
> CIV: 204-833-2500x2625 CSN: 257-2625 FAX: 204-833-2558
> E-Mail: Ryan.Braun at ec.gc.ca
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
More information about the 389-users
mailing list