[389-users] last login date supported in 389-ds?
brandon
bjg at solv.com
Wed Jun 8 21:59:35 UTC 2011
After having searched a bit, I think I know the answer. However, I am
asking the question in hopes that people may know of a project or effort
underway that I can dig into.
We have a requirement to record user activity (or more notably
inactivity). This is separate from password expiration. If an account
is inactive for X days, it must be auto-disabled. Since we are using a
directory server across hundreds of systems, the only way to do this is
in the directory.
Is there a schema option in 389-ds to support this, and concurrently a
pam module or extension to pam_ldap that supports it?
Ideally, pam_ldap would just have an option 'lastlog on' that would just
update the attribute on the user's object.
If there are not even any efforts to this end, I'll probably just hack
up something and put it into the .profile, but I was hoping to hedge off
of something else...
Thanks,
-Brandon
More information about the 389-users
mailing list