[389-users] last login date supported in 389-ds?
Rich Megginson
rmeggins at redhat.com
Wed Jun 8 22:09:34 UTC 2011
On 06/08/2011 03:59 PM, brandon wrote:
> After having searched a bit, I think I know the answer. However, I am
> asking the question in hopes that people may know of a project or effort
> underway that I can dig into.
>
> We have a requirement to record user activity (or more notably
> inactivity). This is separate from password expiration. If an account
> is inactive for X days, it must be auto-disabled. Since we are using a
> directory server across hundreds of systems, the only way to do this is
> in the directory.
>
> Is there a schema option in 389-ds to support this, and concurrently a
> pam module or extension to pam_ldap that supports it?
http://directory.fedoraproject.org/wiki/Account_Policy_Design
> Ideally, pam_ldap would just have an option 'lastlog on' that would just
> update the attribute on the user's object.
>
> If there are not even any efforts to this end, I'll probably just hack
> up something and put it into the .profile, but I was hoping to hedge off
> of something else...
>
> Thanks,
>
> -Brandon
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
More information about the 389-users
mailing list