[389-users] Question about lastlogintime

Mark Reynolds mareynol at redhat.com
Fri Jul 26 19:50:13 UTC 2013 

Harry,

Check this out:

https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/account-policy-plugin.html#account-policy-plugin-wo-lockout

All you have to do is turn on the plugin, and add this entry to the config:

dn: cn=config,cn=Account Policy Plugin,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
cn: config
alwaysrecordlogin: yes
stateattrname: lastLoginTime
altstateattrname: createTimestamp
specattrname: acctPolicySubentry
limitattrname: accountInactivityLimit


Then all future logins will automatically be recorded:

ldapsearch -D "uid=mark,dc=example,dc=com" -w password -b 
"dc=example,dc=com" -xLLL  uid=* lastlogintime
dn: uid=mark,dc=example,dc=com
lastlogintime: 20130726194751Z

Regards,
Mark


On 07/26/2013 03:35 PM, harry.devine at faa.gov wrote:
>
> I looked them over but I'm still not clear on it.  I don't necessarily 
> want to lock out accounts after a certain amount of time, I just want 
> to record the last login time.  I guess I still don't see whether I 
> need add that attribute to each user account, either manually or via 
> some sort of script.
>
> Thanks,
> Harry
>
> Harry Devine
> Common ARTS Software Development
> AJM-245
> (609)485-4218
> Harry.Devine at faa.gov
>
>
> From: 	Rich Megginson <rmeggins at redhat.com>
> To: 	"General discussion list for the 389 Directory server project." 
> <389-users at lists.fedoraproject.org>
> Cc: 	Harry Devine/ACT/FAA at FAA
> Date: 	07/26/2013 11:57 AM
> Subject: 	Re: [389-users] Question about lastlogintime
>
>
> ------------------------------------------------------------------------
>
>
>
> On 07/26/2013 09:07 AM, _harry.devine at faa.gov_ 
> <mailto:harry.devine at faa.gov>wrote:
>
> We were interested in tracking a user's last login time, and I see the 
> attribute that I can add in the user's profile.  But we have 460 users 
> so adding that in manually would be tedious.  I saw this article 
> online: _https://fedorahosted.org/389/ticket/371_and wondered if all 
> we had to do was add what it mentions to our dse.ldif file and restart 
> the server.
>
> Yes, but see _http://www.port389.org/wiki/Account_Policy_Design_and 
> _https://fedorahosted.org/389/ticket/47439_
>
>
> Would that work?  If not, would scripting the addition of that 
> attribute be possible?  Or is there another way?
>
>
>
>
> Thanks!
> Harry
>
>
> --
> 389 users mailing list
> _389-users at lists.fedoraproject.org_ 
> <mailto:389-users at lists.fedoraproject.org>
> _https://admin.fedoraproject.org/mailman/listinfo/389-users_
>
>
>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

-- 
Mark Reynolds
Red Hat, Inc
mreynolds at redhat.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20130726/945a259b/attachment.html>

More information about the 389-users mailing list