On March 2, 2010 03:18:43 pm Rich Megginson wrote:
> Ryan Braun [ADS] wrote:
> > Is there an operational attribute or some other way to determine when the
> > last time an account was used to bind to the server (or any server in a
> > MMR setup). Basically looking to find out the last time an account
> > performed a bind operation to test for account inactivity.
>
> No, but there is a proposal to add something like that -
> http://directory.fedoraproject.org/wiki/Account_Policy_Design

Yeah looks like what I'm after in that document is the loginTimestamp attribute. Most of our account maintenance would be done from cron and perl, with pam checking the shadow attributes for account/password expiry information. I just need a way to do a nightly audit for accounts that haven't been used in X days. Any idea on when that might get implemented? (loaded question I know :) )

> > Also, is there list of the available operational attributes anywhere?
>
> grep -i operation /etc/dirsrv/schema/*

Nice tip, thanks Rich.

Ryan Braun
Aviation and Defence Services Division
Chief Information Officer Branch, Environment Canada
CIV: 204-833-2500x2625 CSN: 257-2625 FAX: 204-833-2558
E-Mail: Ryan.Braun at ec.gc.ca
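
The nightly inactivity audit described in the message above, sketched as an added example that is not part of the original thread or of the directory server project. It assumes the proposed loginTimestamp attribute is stored as a UTC GeneralizedTime value and that entries arrive as plain LDIF text; the DNs, values and function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample LDIF. The loginTimestamp values and their
# GeneralizedTime (YYYYMMDDHHMMSSZ) format are assumptions, not server output.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
uid: alice
loginTimestamp: 20100301120000Z

dn: uid=bob,ou=People,dc=example,dc=com
uid: bob
loginTimestamp: 20091115083000Z

dn: uid=svc-backup,ou=People,dc=example,dc=com
uid: svc-backup
"""

def parse_entries(ldif_text):
    """Split LDIF into {attr: value} dicts (plain, single-valued, unfolded lines only)."""
    entries = []
    for block in ldif_text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            attr, value = line.split(": ", 1)
            entry[attr.lower()] = value.strip()
        if "dn" in entry:
            entries.append(entry)
    return entries

def inactive_accounts(ldif_text, max_idle_days, now):
    """Return (dn, reason) for entries with no bind recorded within max_idle_days."""
    cutoff = now - timedelta(days=max_idle_days)
    findings = []
    for entry in parse_entries(ldif_text):
        stamp = entry.get("logintimestamp")
        if stamp is None:  # attribute absent: report it rather than skip silently
            findings.append((entry["dn"], "no loginTimestamp recorded"))
            continue
        last = datetime.strptime(stamp, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
        if last < cutoff:
            findings.append((entry["dn"], f"idle {(now - last).days} days"))
    return findings

if __name__ == "__main__":
    audit_time = datetime(2010, 3, 2, tzinfo=timezone.utc)  # fixed so the sample is repeatable
    for dn, reason in inactive_accounts(SAMPLE_LDIF, 90, audit_time):
        print(f"{dn}: {reason}")
```

In a multi-master setup the timestamp would have to be compared across replicas (or replicated) before an account is treated as idle, since a bind on one server may not be visible on another.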