1:59 a.m.
Hello,
is there a way in FreeIPA to access LDAP fields which are not normally accessible, such as
createTimeStamp?
Many thanks.
12:14 p.m.
On pe, 09 joulu 2022, None via FreeIPA-users wrote:
Hello,
is there a way in FreeIPA to access LDAP fields which are not normally
accessible, such as createTimeStamp?
This specific operational LDAP attribute is not accessible over IPA API.
Could you please explain what you are trying to achieve, in more
details?
P.S. Please also configure your identity so that there is a real name,
not 'None' in the emails.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
12:47 p.m.
Hi Alexander,
I’m sorry, but I’m not sure how to configure my identity so that my email address
appears.
In the company I’m working for, FreeIPA is used to create accounts to access Hue,
Zeppelin, and other software. I was wondering if there were a way to retrieve
account-creation dates with IPA, for say, inventory purposes. For instance,
say n accounts were created 10 years ago, but aren’t used anymore. Then, you might decide
to disable them.
Le 9 déc. 2022 à 19:14, Alexander Bokovoy <abokovoy(a)redhat.com>
a écrit :
On pe, 09 joulu 2022, None via FreeIPA-users wrote:
> Hello,
> is there a way in FreeIPA to access LDAP fields which are not normally
> accessible, such as createTimeStamp?
This specific operational LDAP attribute is not accessible over IPA API.
Could you please explain what you are trying to achieve, in more
details?
P.S. Please also configure your identity so that there is a real name,
not 'None' in the emails.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
3:39 a.m.
On pe, 09 joulu 2022, Philippe de Rochambeau wrote:
Hi Alexander,
I’m sorry, but I’m not sure how to configure my identity so that my email address
appears.
In the company I’m working for, FreeIPA is used to create accounts to
access Hue, Zeppelin, and other software. I was wondering if there were
a way to retrieve account-creation dates with IPA, for say, inventory
purposes. For instance, say n accounts were created 10 years ago, but
aren’t used anymore. Then, you might decide to disable them.
If you want to achieve that, running LDAP query directly would be as
good. I suppose it would be a periodic job run non-interactively, so you
really ought to look into
krbLastSuccessfulAuth
krbPrincipalExpiration
which both are accessible via IPA API as well.
creatorTimestamp is good to lookup in LDAP but it might not be the right
value. It is certainly not an indication of the activity.
> Le 9 déc. 2022 à 19:14, Alexander Bokovoy <abokovoy(a)redhat.com> a écrit :
>
> On pe, 09 joulu 2022, None via FreeIPA-users wrote:
>> Hello,
>> is there a way in FreeIPA to access LDAP fields which are not normally
>> accessible, such as createTimeStamp?
>
> This specific operational LDAP attribute is not accessible over IPA API.
> Could you please explain what you are trying to achieve, in more
> details?
>
> P.S. Please also configure your identity so that there is a real name,
> not 'None' in the emails.
>
> --
> / Alexander Bokovoy
> Sr. Principal Software Engineer
> Security / Identity Management Engineering
> Red Hat Limited, Finland
>
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
517
days inactive
518
days old
freeipa-users@lists.fedorahosted.org
3 comments
3 participants
participants (3)
-
Alexander Bokovoy -
Philippe de Rochambeau -
phiroc@free.fr