On pe, 09 joulu 2022, Philippe de Rochambeau wrote:
Hi Alexander,
I’m sorry, but I’m not sure how to configure my identity so that my email address
appears.
In the company I’m working for, FreeIPA is used to create accounts to
access Hue, Zeppelin, and other software. I was wondering if there were
a way to retrieve account-creation dates with IPA, for say, inventory
purposes. For instance, say n accounts were created 10 years ago, but
aren’t used anymore. Then, you might decide to disable them.
If you want to achieve that, running LDAP query directly would be as
good. I suppose it would be a periodic job run non-interactively, so you
really ought to look into
krbLastSuccessfulAuth
krbPrincipalExpiration
which both are accessible via IPA API as well.
creatorTimestamp is good to lookup in LDAP but it might not be the right
value. It is certainly not an indication of the activity.
> Le 9 déc. 2022 à 19:14, Alexander Bokovoy <abokovoy(a)redhat.com> a écrit :
>
> On pe, 09 joulu 2022, None via FreeIPA-users wrote:
>> Hello,
>> is there a way in FreeIPA to access LDAP fields which are not normally
>> accessible, such as createTimeStamp?
>
> This specific operational LDAP attribute is not accessible over IPA API.
> Could you please explain what you are trying to achieve, in more
> details?
>
> P.S. Please also configure your identity so that there is a real name,
> not 'None' in the emails.
>
> --
> / Alexander Bokovoy
> Sr. Principal Software Engineer
> Security / Identity Management Engineering
> Red Hat Limited, Finland
>
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland