05-09-2012, 01:45 PM
Disable Inactive Users After 90 days
Hi
I have a requirement to disable inactive users after 90 days. I did read
http://directory.fedoraproject.org/wiki/Account_Policy_Design
but I am not sure whether this is a design proposal or the actual implementation.
My DS version is :
rpm -qa | grep 389
389-admin-console-1.1.8-1.el5
389-ds-base-1.2.9.9-1.el5
389-dsgw-1.1.7-2.el5
389-console-1.1.7-3.el5
389-adminutil-1.1.14-1.el5
389-admin-1.1.23-1.el5
389-admin-console-doc-1.1.8-1.el5
389-ds-1.2.1-1.el5
389-ds-base-libs-1.2.9.9-1.el5
389-ds-console-1.2.6-1.el5
389-ds-console-doc-1.2.6-1.el5
I got
[root@386-100-16 dirsrv]# ldapsearch -x -D "cn=Directory manager" -w Password -b "cn=config" -s base lastLoginTime
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope baseObject
# filter: (objectclass=*)
# requesting: lastLoginTime
#
# config
dn: cn=config
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
and
[root@386-100-16 dirsrv]# grep -i lastlogintime /etc/dirsrv/slapd-386-100-16/schema/*
/etc/dirsrv/slapd-386-100-16/schema/60acctpolicy.ldif:## lastLoginTime holds login state in user entries (GeneralizedTime syntax)
/etc/dirsrv/slapd-386-100-16/schema/60acctpolicy.ldif:attributeTypes: ( 2.16.840.1.113719.1.1.4.1.35 NAME 'lastLoginTime'
I am not sure how to implement this though, please advise.
Regards
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
05-09-2012, 01:47 PM
Disable Inactive Users After 90 days
On 05/09/2012 07:45 AM, Ali Jawad wrote:
Hi
I have a requirement to disable inactive users after 90 days. I did read
http://directory.fedoraproject.org/wiki/Account_Policy_Design
but I am not sure whether this is a design proposal or the actual implementation.
My DS version is :
rpm -qa | grep 389
389-admin-console-1.1.8-1.el5
389-ds-base-1.2.9.9-1.el5
389-dsgw-1.1.7-2.el5
389-console-1.1.7-3.el5
389-adminutil-1.1.14-1.el5
389-admin-1.1.23-1.el5
389-admin-console-doc-1.1.8-1.el5
389-ds-1.2.1-1.el5
389-ds-base-libs-1.2.9.9-1.el5
389-ds-console-1.2.6-1.el5
389-ds-console-doc-1.2.6-1.el5
I got
[root@386-100-16 dirsrv]# ldapsearch -x -D "cn=Directory manager" -w Password -b "cn=config" -s base lastLoginTime
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope baseObject
# filter: (objectclass=*)
# requesting: lastLoginTime
#
# config
dn: cn=config
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
and
[root@386-100-16 dirsrv]# grep -i lastlogintime /etc/dirsrv/slapd-386-100-16/schema/*
/etc/dirsrv/slapd-386-100-16/schema/60acctpolicy.ldif:## lastLoginTime holds login state in user entries (GeneralizedTime syntax)
/etc/dirsrv/slapd-386-100-16/schema/60acctpolicy.ldif:attributeTypes: ( 2.16.840.1.113719.1.1.4.1.35 NAME 'lastLoginTime'
I am not sure how to implement this though, please advise.
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/account-policy-plugin.html
05-09-2012, 02:17 PM
Disable Inactive Users After 90 days
Hi
Thanks Rich, just what I was searching for, I am facing a problem though "ldapmodify: No such object (32) matched DN: dc=domain,dc=local" at :
[user@server ~]$ ldapmodify -a -D "cn=directory manager" -w secret -p 389 -h server.example.com -x
dn: cn=Account Inactivation Policy,dc=example,dc=com
objectClass: top
objectClass: ldapsubentry
objectClass: extensibleObject
objectClass: accountpolicy
accountInactivityLimit: 2592000
cn: Account Inactivation Policy
I am doing
[root@386-100-16 dirsrv]# ldapmodify -D "cn=directory manager" -w password -p 389 -h x.x.x.x -x
dn: cn=Account Inactivation Policy,dc=domain,dc=local
objectClass: top
objectClass: ldapsubentry
objectClass: extensibleObject
objectClass: accountpolicy
accountInactivityLimit: 2592000
cn: Account Inactivation Policy
modifying entry "cn=Account Inactivation Policy,dc=domain,dc=local"
ldapmodify: No such object (32)
        matched DN: dc=domain,dc=local
On Wed, May 9, 2012 at 4:47 PM, Rich Megginson <rmeggins@redhat.com> wrote:
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/account-policy-plugin.html
--
Ali Jawad
Information Systems Manager
Splendor Telecom (www.splendor.net)
Beirut, Lebanon
Phone: +9611373725/ext 116
FAX: +9611375554
05-09-2012, 02:19 PM
Disable Inactive Users After 90 days
On 05/09/2012 08:17 AM, Ali Jawad wrote:
Hi
Thanks Rich, just what I was searching for, I am facing a problem though "ldapmodify: No such object (32) matched DN: dc=domain,dc=local" at :
[user@server ~]$ ldapmodify -a -D "cn=directory manager" -w secret -p 389 -h server.example.com -x
dn: cn=Account Inactivation Policy,dc=example,dc=com
objectClass: top
objectClass: ldapsubentry
objectClass: extensibleObject
objectClass: accountpolicy
accountInactivityLimit: 2592000
cn: Account Inactivation Policy
I am doing
[root@386-100-16 dirsrv]# ldapmodify -D "cn=directory manager" -w password -p 389 -h x.x.x.x -x
dn: cn=Account Inactivation Policy,dc=domain,dc=local
objectClass: top
objectClass: ldapsubentry
objectClass: extensibleObject
objectClass: accountpolicy
accountInactivityLimit: 2592000
cn: Account Inactivation Policy
modifying entry "cn=Account Inactivation Policy,dc=domain,dc=local"
ldapmodify: No such object (32)
        matched DN: dc=domain,dc=local
Right. You are missing the ldapmodify -a - see the original instructions
05-09-2012, 02:26 PM
Disable Inactive Users After 90 days
Hi Rich
Your help is highly appreciated, I got it working, thanks for your patience.
Regards
On Wed, May 9, 2012 at 5:19 PM, Rich Megginson <rmeggins@redhat.com> wrote:
Right. You are missing the ldapmodify -a - see the original instructions
--
Ali Jawad
Information Systems Manager
Splendor Telecom (www.splendor.net)
Beirut, Lebanon
Phone: +9611373725/ext 116
FAX: +9611375554
05-09-2012, 04:09 PM
Disable Inactive Users After 90 days
Hi Rich
Seems I still got a problem, the users can't logon anymore, I did try to
dn: uid=username,ou=people,dc=domain,dc=local
changetype: delete
delete: lastLoginTime
But I keep getting
ldapmodify: extra lines at end (line 3 of entry "uid=username,ou=people,dc=domain,dc=local")
I checked for whitespaces, extra lines..but still same issue
I did also check for lastLoginTime values in the users in the interface, but the value is empty..so not sure if this is the problem at all
Regards
On Wed, May 9, 2012 at 5:26 PM, Ali Jawad <ali.jawad@splendor.net> wrote:
Hi Rich
Your help is highly appreciated, I got it working, thanks for your patience.
Regards
--
Ali Jawad
Information Systems Manager
Splendor Telecom (www.splendor.net)
Beirut, Lebanon
Phone: +9611373725/ext 116
FAX: +9611375554
05-09-2012, 04:09 PM
Disable Inactive Users After 90 days
On 05/09/2012 10:09 AM, Ali Jawad wrote:
Hi Rich
Seems I still got a problem, the users can't logon anymore, I did try to
dn: uid=username,ou=people,dc=domain,dc=local
changetype: delete
delete: lastLoginTime
But I keep getting
ldapmodify: extra lines at end (line 3 of entry "uid=username,ou=people,dc=domain,dc=local")
I checked for whitespaces, extra lines..but still same
issue
I did also check for lastLoginTime values in the users in
the interface, but the value is empty..so not sure if this
is the problem at all
does ldapmodify -d 1 give any more useful information?
05-09-2012, 04:13 PM
Disable Inactive Users After 90 days
Are you doing this via an ldif file or stdin?
Try echo -e "dn: uid=username,ou=people,dc=domain,dc=local
changetype: delete
delete: lastLoginTime
" | ldapmodify -x -h yourhost -D"cn=directory manager" -wPaSsWoRd
Jim
On Wed, May 9, 2012 at 11:09 AM, Rich Megginson <rmeggins@redhat.com> wrote:
does ldapmodify -d 1 give any more useful information?
05-09-2012, 04:20 PM
Disable Inactive Users After 90 days
Actually, I just re-read what you are trying to do...
" Changetype: delete " is intended to delete the entire entry, not an attribute.
You're receiving that error because there should be no further instruction after a " Changetype: delete "
I believe what you are attempting to do is remove the lastLoginTime attribute. You would accomplish that like this:
dn: uid=username,ou=people,dc=domain,dc=local
changetype: modify
delete: lastLoginTime
Jim
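The two LDIF mistakes diagnosed in this thread (a whole entry sent without `ldapmodify -a`, and extra lines after `changetype: delete`) can be caught before anything is sent to the server. The checker below is an added example, not code from any poster or from 389 DS; its function names and messages are illustrative, and the sample records are copied from the posts above.

```python
# Added example: offline sanity check for LDIF change records (names are illustrative).
MOD_OPS = ("add", "delete", "replace")
NEEDS_ADD = ("no changetype: this is a whole entry; create it with 'ldapmodify -a' "
             "or 'changetype: add', otherwise it is sent as a modify of an existing DN")
DELETE_EXTRA = ("'changetype: delete' removes the entire entry and takes no further "
                "lines; to drop one attribute use 'changetype: modify' + 'delete: <attr>'")


def unfold(text):
    """Join RFC 2849 folded lines (continuations start with one space); drop comments."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]
        elif not raw.startswith("#"):
            lines.append(raw)
    return lines


def records(text):
    """Split LDIF into records on blank lines; each record is a list of (attr, value)."""
    recs, cur = [], []
    for line in unfold(text) + [""]:
        if not line:
            if cur:
                recs.append(cur)
            cur = []
        elif line == "-":
            cur.append(("-", ""))
        else:
            attr, _, value = line.partition(":")
            attr = attr.strip().lower()
            if attr == "version" and not cur:
                continue  # optional "version: 1" header, not part of a record
            cur.append((attr, value.strip()))
    return recs


def check_record(rec, add_mode=False):
    """Return a list of problems for one record; add_mode mirrors `ldapmodify -a`."""
    if rec[0][0] != "dn":
        return ["record does not start with dn:"]
    body = rec[1:]
    if not body:
        return ["record has a dn: line only"]
    if body[0][0] != "changetype":
        # Plain "attr: value" lines describe a complete entry (a content record).
        return [] if add_mode else [NEEDS_ADD]
    ctype, rest = body[0][1].lower(), body[1:]
    if ctype == "delete":
        return [DELETE_EXTRA] if rest else []
    if ctype == "add":
        return [] if rest else ["changetype: add without attributes"]
    if ctype in ("modrdn", "moddn"):
        return []
    if ctype != "modify":
        return [f"unknown changetype '{ctype}'"]
    if not rest:
        return ["changetype: modify without any add:/delete:/replace: line"]
    problems, expect_op = [], True
    for attr, _ in rest:
        if attr == "-":            # "-" ends one modification, the next line is an op
            expect_op = True
        elif expect_op:
            if attr not in MOD_OPS:
                problems.append(f"expected add:/delete:/replace:, got '{attr}:'")
            expect_op = False
    return problems


def check_ldif(text, add_mode=False):
    """Return [(dn, [problems])] for every record in the LDIF text."""
    return [(dict(rec).get("dn", "?"), check_record(rec, add_mode))
            for rec in records(text)]


# Sample records copied from the posts in this thread.
POLICY_ENTRY = """\
dn: cn=Account Inactivation Policy,dc=domain,dc=local
objectClass: top
objectClass: ldapsubentry
objectClass: extensibleObject
objectClass: accountpolicy
accountInactivityLimit: 2592000
cn: Account Inactivation Policy
"""
BROKEN_DELETE = """\
dn: uid=username,ou=people,dc=domain,dc=local
changetype: delete
delete: lastLoginTime
"""
FIXED_MODIFY = """\
dn: uid=username,ou=people,dc=domain,dc=local
changetype: modify
delete: lastLoginTime
"""

if __name__ == "__main__":
    for name, text, add in [("policy, no -a", POLICY_ENTRY, False),
                            ("policy, with -a", POLICY_ENTRY, True),
                            ("changetype: delete", BROKEN_DELETE, False),
                            ("changetype: modify", FIXED_MODIFY, False)]:
        for dn, problems in check_ldif(text, add):
            print(f"{name}: {dn}: {problems or 'ok'}")
```
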
05-09-2012, 04:20 PM
Disable Inactive Users After 90 days
Stdin, problem is even new users can't register anymore. Not just existing ones..will test your suggestion
Regards
On Wed, May 9, 2012 at 7:13 PM, Jim Finn <jamespfinn@gmail.com> wrote:
Are you doing this via an ldif file or stdin?
Try echo -e "dn: uid=username,ou=people,dc=domain,dc=local
changetype: delete
delete: lastLoginTime
" | ldapmodify -x -h yourhost -D"cn=directory manager" -wPaSsWoRd
Jim
--
Ali Jawad
Information Systems Manager
Splendor Telecom (www.splendor.net)
Beirut, Lebanon
Phone: +9611373725/ext 116
FAX: +9611375554
All times are GMT.