Hi
Thanks Rich, just what I was searching for, I am facing a problem though
"ldapmodify: No such object (32) matched DN: dc=domain,dc=local"at :
[user@server ~]$ ldapmodify *-a* -D "cn=directory manager" -w secret
-p 389 -h
server.example.com -x
dn: cn=Account Inactivation Policy,dc=example,dc=com
objectClass: top
objectClass: ldapsubentry
objectClass: extensibleObject*objectClass:
accountpolicy**accountInactivityLimit: 2592000*
cn: Account Inactivation Policy
I am doing
[root@386-100-16 dirsrv]# ldapmodify -D "cn=directory manager" -w password
-p 389 -h x.x.x.x -x
dn: cn=Account Inactivation Policy,dc=domain,dc=local
objectClass: top
objectClass: ldapsubentry
objectClass: extensibleObject
objectClass: accountpolicy
accountInactivityLimit: 2592000
cn: Account Inactivation Policy
modifying entry "cn=Account Inactivation Policy,dc=domain,dc=local"
ldapmodify: No such object (32)
matched DN: dc=domain,dc=local
On Wed, May 9, 2012 at 4:47 PM, Rich Megginson <rmeggins(a)redhat.com> wrote:
On 05/09/2012 07:45 AM, Ali Jawad wrote:
Hi
I have a requirement to disable inactive users after 90 days. I did read
http://directory.fedoraproject.org/wiki/Account_Policy_Design but I am
not sure whether this is a design proposal or the actual implementation.
My DS version is :
rpm -qa | grep 389
389-admin-console-1.1.8-1.el5
389-ds-base-1.2.9.9-1.el5
389-dsgw-1.1.7-2.el5
389-console-1.1.7-3.el5
389-adminutil-1.1.14-1.el5
389-admin-1.1.23-1.el5
389-admin-console-doc-1.1.8-1.el5
389-ds-1.2.1-1.el5
389-ds-base-libs-1.2.9.9-1.el5
389-ds-console-1.2.6-1.el5
389-ds-console-doc-1.2.6-1.el5
I got
[root@386-100-16 dirsrv]# ldapsearch -x -D "cn=Directory manager" -w
Password -b "cn=config" -s base lastLoginTime
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope baseObject
# filter: (objectclass=*)
# requesting: lastLoginTime
#
# config
dn: cn=config
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
and
[root@386-100-16 dirsrv]# grep -i lastlogintime
/etc/dirsrv/slapd-386-100-16/schema/*
/etc/dirsrv/slapd-386-100-16/schema/60acctpolicy.ldif:## lastLoginTime
holds login state in user entries (GeneralizedTime syntax)
/etc/dirsrv/slapd-386-100-16/schema/60acctpolicy.ldif:attributeTypes: (
2.16.840.1.113719.1.1.4.1.35 NAME 'lastLoginTime'
I am not sure how to implement this though, please advice.
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Admin...
Regards
--
389 users mailing
list389-users@lists.fedoraproject.orghttps://admin.fedoraproject.org/mailman/listinfo/389-users
--
*Ali Jawad
*
*Information Systems Manager*
*Splendor Telecom (
www.splendor.net)
Beirut, Lebanon
Phone: +9611373725/ext 116
FAX: +9611375554*