I just followed that and made the changes, restarted the server, and logged in with user account.  I logged in fine, but if I try to do an ldapsearch and search for lastLoginTime, I get nothing back.  I don't see that attribute in that user's Advanced Properties page either.  So, I guess its back to my original question:  Do I  need to manually add the lastLoginTime attribute to all 460 users manually?  Or are there any logs that I can examine to see if it is being rejected some how?

Thanks,
Harry

Harry Devine
Common ARTS Software Development
AJM-245
(609)485-4218
Harry.Devine@faa.gov


From: Rich Megginson <rmeggins@redhat.com>
To: Harry Devine/ACT/FAA@FAA
Cc: "General discussion list for the 389 Directory server project." <389-users@lists.fedoraproject.org>
Date: 07/26/2013 04:19 PM
Subject: Re: [389-users] Question about lastlogintime




On 07/26/2013 01:35 PM, harry.devine@faa.gov wrote:

I looked them over but I'm still not clear on it.  I don't necessarily want to lock out accounts after a certain amount of time, I just want to record the last login time.  I guess I still don't see whether I need add that attribute to each user account, either manually or via some sort of script.
https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/account-policy-plugin.html#account-policy-plugin-wo-lockout

Thanks,
Harry

Harry Devine
Common ARTS Software Development
AJM-245
(609)485-4218
Harry.Devine@faa.gov

From: Rich Megginson <rmeggins@redhat.com>
To: "General discussion list for the 389 Directory server project." <389-users@lists.fedoraproject.org>
Cc: Harry Devine/ACT/FAA@FAA
Date: 07/26/2013 11:57 AM
Subject: Re: [389-users] Question about lastlogintime



On 07/26/2013 09:07 AM, harry.devine@faa.gov wrote:

We were interested in tracking a user's last login time, and I see the attribute that I can add in the user's profile.  But we have 460 users so adding that in manually would be tedious.  I saw this article online: https://fedorahosted.org/389/ticket/371 and wondered if all we had to do was add what it mentions to our dse.ldif file and restart the server.  

Yes, but see http://www.port389.org/wiki/Account_Policy_Design and https://fedorahosted.org/389/ticket/47439


Would that work?  If not, would scripting the addition of that attribute be possible?  Or is there another way?




Thanks!
Harry


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users