I'm not trying to lock out any accounts based on login time currently, just add the lastLoginTime attribute.  If I understand that link you sent me, if I do not put altstateattrname: createTimestamp as stated at https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/account-policy-plugin.html#account-policy-plugin-wo-lockout then it should work?

Also, I did notice that the changes I put in this morning somehow aren't there.  I manually edited my dse.ldif file, saved it, restarted the directory server, and tried it.  Is this not the acceptable method?  

Thanks for the help!
Harry

Harry Devine
Common ARTS Software Development
AJM-245
(609)485-4218
Harry.Devine@faa.gov



From: Rich Megginson <rmeggins@redhat.com>
To: Harry Devine/ACT/FAA@FAA
Cc: "General discussion list for the 389 Directory server project." <389-users@lists.fedoraproject.org>
Date: 07/30/2013 11:10 AM
Subject: Re: [389-users] Question about lastlogintime





On 07/30/2013 07:26 AM, harry.devine@faa.gov wrote:

I just followed that and made the changes, restarted the server, and logged in with user account.  I logged in fine, but if I try to do an ldapsearch and search for lastLoginTime, I get nothing back.  I don't see that attribute in that user's Advanced Properties page either.  So, I guess its back to my original question:  Do I  need to manually add the lastLoginTime attribute to all 460 users manually?  Or are there any logs that I can examine to see if it is being rejected some how?

https://fedorahosted.org/389/ticket/47439

Thanks,

Harry


Harry Devine
Common ARTS Software Development
AJM-245
(609)485-4218

Harry.Devine@faa.gov

From: Rich Megginson <rmeggins@redhat.com>
To: Harry Devine/ACT/FAA@FAA
Cc: "General discussion list for the 389 Directory server project." <389-users@lists.fedoraproject.org>
Date: 07/26/2013 04:19 PM
Subject: Re: [389-users] Question about lastlogintime






On 07/26/2013 01:35 PM,
harry.devine@faa.gov wrote:

I looked them over but I'm still not clear on it.  I don't necessarily want to lock out accounts after a certain amount of time, I just want to record the last login time.  I guess I still don't see whether I need add that attribute to each user account, either manually or via some sort of script.

https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/account-policy-plugin.html#account-policy-plugin-wo-lockout

Thanks,

Harry


Harry Devine
Common ARTS Software Development
AJM-245
(609)485-4218

Harry.Devine@faa.gov
From: Rich Megginson <rmeggins@redhat.com>
To: "General discussion list for the 389 Directory server project." <389-users@lists.fedoraproject.org>
Cc: Harry Devine/ACT/FAA@FAA
Date: 07/26/2013 11:57 AM
Subject: Re: [389-users] Question about lastlogintime







On 07/26/2013 09:07 AM,
harry.devine@faa.gov wrote:

We were interested in tracking a user's last login time, and I see the attribute that I can add in the user's profile.  But we have 460 users so adding that in manually would be tedious.  I saw this article online:
https://fedorahosted.org/389/ticket/371 and wondered if all we had to do was add what it mentions to our dse.ldif file and restart the server.  

Yes, but see
http://www.port389.org/wiki/Account_Policy_Design and https://fedorahosted.org/389/ticket/47439


Would that work?  If not, would scripting the addition of that attribute be possible?  Or is there another way?





Thanks!

Harry



--
389 users mailing list

389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users