FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Directory

 
 
LinkBack Thread Tools
 
Old 06-08-2011, 09:59 PM
brandon
 
Default last login date supported in 389-ds?

After having searched a bit, I think I know the answer. However, I am
asking the question in hopes that people may know of a project or effort
underway that I can dig into.

We have a requirement to record user activity (or more notably
inactivity). This is separate from password expiration. If an account
is inactive for X days, it must be auto-disabled. Since we are using a
directory server across hundreds of systems, the only way to do this is
in the directory.

Is there a schema option in 389-ds to support this, and concurrently a
pam module or extension to pam_ldap that supports it?

Ideally, pam_ldap would just have an option 'lastlog on' that would just
update the attribute on the user's object.

If there are not even any efforts to this end, I'll probably just hack
up something and put it into the .profile, but I was hoping to hedge off
of something else...

Thanks,

-Brandon
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 06-08-2011, 10:09 PM
Rich Megginson
 
Default last login date supported in 389-ds?

On 06/08/2011 03:59 PM, brandon wrote:
> After having searched a bit, I think I know the answer. However, I am
> asking the question in hopes that people may know of a project or effort
> underway that I can dig into.
>
> We have a requirement to record user activity (or more notably
> inactivity). This is separate from password expiration. If an account
> is inactive for X days, it must be auto-disabled. Since we are using a
> directory server across hundreds of systems, the only way to do this is
> in the directory.
>
> Is there a schema option in 389-ds to support this, and concurrently a
> pam module or extension to pam_ldap that supports it?
http://directory.fedoraproject.org/wiki/Account_Policy_Design
> Ideally, pam_ldap would just have an option 'lastlog on' that would just
> update the attribute on the user's object.
>
> If there are not even any efforts to this end, I'll probably just hack
> up something and put it into the .profile, but I was hoping to hedge off
> of something else...
>
> Thanks,
>
> -Brandon
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 

Thread Tools




All times are GMT. The time now is 07:15 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org