[389-users] Disable Inactive Users After 90 days
Ali Jawad
ali.jawad at splendor.net
Wed May 9 14:17:50 UTC 2012
Hi
Thanks Rich, just what I was searching for, I am facing a problem though
"ldapmodify: No such object (32) matched DN: dc=domain,dc=local"at :
[user at server ~]$ ldapmodify *-a* -D "cn=directory manager" -w secret
-p 389 -h server.example.com -x
dn: cn=Account Inactivation Policy,dc=example,dc=com
objectClass: top
objectClass: ldapsubentry
objectClass: extensibleObject*objectClass:
accountpolicy**accountInactivityLimit: 2592000*
cn: Account Inactivation Policy
I am doing
[root at 386-100-16 dirsrv]# ldapmodify -D "cn=directory manager" -w password
-p 389 -h x.x.x.x -x
dn: cn=Account Inactivation Policy,dc=domain,dc=local
objectClass: top
objectClass: ldapsubentry
objectClass: extensibleObject
objectClass: accountpolicy
accountInactivityLimit: 2592000
cn: Account Inactivation Policy
modifying entry "cn=Account Inactivation Policy,dc=domain,dc=local"
ldapmodify: No such object (32)
matched DN: dc=domain,dc=local
On Wed, May 9, 2012 at 4:47 PM, Rich Megginson <rmeggins at redhat.com> wrote:
> On 05/09/2012 07:45 AM, Ali Jawad wrote:
>
> Hi
> I have a requirement to disable inactive users after 90 days. I did read
> http://directory.fedoraproject.org/wiki/Account_Policy_Design but I am
> not sure whether this is a design proposal or the actual implementation.
>
> My DS version is :
>
> rpm -qa | grep 389
> 389-admin-console-1.1.8-1.el5
> 389-ds-base-1.2.9.9-1.el5
> 389-dsgw-1.1.7-2.el5
> 389-console-1.1.7-3.el5
> 389-adminutil-1.1.14-1.el5
> 389-admin-1.1.23-1.el5
> 389-admin-console-doc-1.1.8-1.el5
> 389-ds-1.2.1-1.el5
> 389-ds-base-libs-1.2.9.9-1.el5
> 389-ds-console-1.2.6-1.el5
> 389-ds-console-doc-1.2.6-1.el5
>
> I got
>
> [root at 386-100-16 dirsrv]# ldapsearch -x -D "cn=Directory manager" -w
> Password -b "cn=config" -s base lastLoginTime
> # extended LDIF
> #
> # LDAPv3
> # base <cn=config> with scope baseObject
> # filter: (objectclass=*)
> # requesting: lastLoginTime
> #
>
> # config
> dn: cn=config
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
> and
>
> [root at 386-100-16 dirsrv]# grep -i lastlogintime
> /etc/dirsrv/slapd-386-100-16/schema/*
> /etc/dirsrv/slapd-386-100-16/schema/60acctpolicy.ldif:## lastLoginTime
> holds login state in user entries (GeneralizedTime syntax)
> /etc/dirsrv/slapd-386-100-16/schema/60acctpolicy.ldif:attributeTypes: (
> 2.16.840.1.113719.1.1.4.1.35 NAME 'lastLoginTime'
>
> I am not sure how to implement this though, please advice.
>
>
> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/account-policy-plugin.html
>
>
> Regards
>
>
>
> --
> 389 users mailing list389-users at lists.fedoraproject.orghttps://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
>
--
*Ali Jawad
*
*Information Systems Manager*
*Splendor Telecom (www.splendor.net)
Beirut, Lebanon
Phone: +9611373725/ext 116
FAX: +9611375554*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20120509/dcfde4ac/attachment.html>
More information about the 389-users
mailing list