Hi Rich
Seems I still got a problem, the users can't logon anymore, I did try to
dn: uid=username,ou=people,dc=domain,dc=local
changetype: delete
delete: lastLoginTime
But I keep getting
ldapmodify: extra lines at end (line 3 of entry
"uid=username,ou=people,dc=domain,dc=local")
I checked for whitespaces, extra lines..but still same issue
I did also check for lastLoginTime values in the users in the
interface, but the value is empty..so not sure if this is the problem
at all
Regards
On Wed, May 9, 2012 at 5:26 PM, Ali Jawad <ali.jawad(a)splendor.net
<mailto:ali.jawad@splendor.net>> wrote:
Hi Rich
Your help is highly appreciated, I got it working, thanks for your
patience.
Regards
On Wed, May 9, 2012 at 5:19 PM, Rich Megginson
<rmeggins(a)redhat.com <mailto:rmeggins@redhat.com>> wrote:
On 05/09/2012 08:17 AM, Ali Jawad wrote:
> Hi
> Thanks Rich, just what I was searching for, I am facing a
> problem though "ldapmodify: No such object (32) matched DN:
> dc=domain,dc=local"at :
>
> [user@server ~]$ ldapmodify*-a* -D "cn=directory manager" -w
secret -p 389 -hserver.example.com <
http://server.example.com> -x
>
> dn: cn=Account Inactivation Policy,dc=example,dc=com
>
> objectClass: top
> objectClass: ldapsubentry
> objectClass: extensibleObject
> *objectClass: accountpolicy*
> *accountInactivityLimit: 2592000*
> cn: Account Inactivation Policy
>
> I am doing
>
> [root@386-100-16 dirsrv]# ldapmodify -D "cn=directory
> manager" -w password -p 389 -h x.x.x.x -x
>
> dn: cn=Account Inactivation Policy,dc=domain,dc=local
> objectClass: top
> objectClass: ldapsubentry
> objectClass: extensibleObject
> objectClass: accountpolicy
> accountInactivityLimit: 2592000
> cn: Account Inactivation Policy
> modifying entry "cn=Account Inactivation
> Policy,dc=domain,dc=local"
>
> ldapmodify: No such object (32)
> matched DN: dc=domain,dc=local
Right. You are missing the ldapmodify -a - see the original
instructions
>
> On Wed, May 9, 2012 at 4:47 PM, Rich Megginson
> <rmeggins(a)redhat.com <mailto:rmeggins@redhat.com>> wrote:
>
> On 05/09/2012 07:45 AM, Ali Jawad wrote:
>> Hi
>> I have a requirement to disable inactive users after 90
>> days. I did read
>>
http://directory.fedoraproject.org/wiki/Account_Policy_Design
>> but I am not sure whether this is a design proposal or
>> the actual implementation.
>>
>> My DS version is :
>>
>> rpm -qa | grep 389
>> 389-admin-console-1.1.8-1.el5
>> 389-ds-base-1.2.9.9-1.el5
>> 389-dsgw-1.1.7-2.el5
>> 389-console-1.1.7-3.el5
>> 389-adminutil-1.1.14-1.el5
>> 389-admin-1.1.23-1.el5
>> 389-admin-console-doc-1.1.8-1.el5
>> 389-ds-1.2.1-1.el5
>> 389-ds-base-libs-1.2.9.9-1.el5
>> 389-ds-console-1.2.6-1.el5
>> 389-ds-console-doc-1.2.6-1.el5
>>
>> I got
>>
>> [root@386-100-16 dirsrv]# ldapsearch -x -D "cn=Directory
>> manager" -w Password -b "cn=config" -s base
lastLoginTime
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <cn=config> with scope baseObject
>> # filter: (objectclass=*)
>> # requesting: lastLoginTime
>> #
>>
>> # config
>> dn: cn=config
>>
>> # search result
>> search: 2
>> result: 0 Success
>>
>> # numResponses: 2
>> # numEntries: 1
>>
>> and
>>
>> [root@386-100-16 dirsrv]# grep -i lastlogintime
>> /etc/dirsrv/slapd-386-100-16/schema/*
>> /etc/dirsrv/slapd-386-100-16/schema/60acctpolicy.ldif:##
>> lastLoginTime holds login state in user entries
>> (GeneralizedTime syntax)
>>
/etc/dirsrv/slapd-386-100-16/schema/60acctpolicy.ldif:attributeTypes:
>> ( 2.16.840.1.113719.1.1.4.1.35 NAME 'lastLoginTime'
>>
>> I am not sure how to implement this though, please advice.
>
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Admin...
>>
>> Regards
>>
>>
>>
>> --
>> 389 users mailing list
>> 389-users(a)lists.fedoraproject.org
<mailto:389-users@lists.fedoraproject.org>
>>
https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
>
>
> --
> *Ali Jawad
> *
> *Information Systems Manager*
> *Splendor Telecom (
www.splendor.net <
http://www.splendor.net/>)
> Beirut, Lebanon
> Phone: +9611373725/ext 116
> FAX: +9611375554*
>
--
*Ali Jawad
*
*Information Systems Manager*
*Splendor Telecom (
www.splendor.net <
http://www.splendor.net/>)
Beirut, Lebanon
Phone: +9611373725/ext 116
FAX: +9611375554*
--
*Ali Jawad
*
*Information Systems Manager*
*Splendor Telecom (
www.splendor.net <
http://www.splendor.net/>)
Beirut, Lebanon
Phone: +9611373725/ext 116
FAX: +9611375554*