After having searched a bit, I think I know the answer. However, I am asking the question in hopes that people may know of a project or effort underway that I can dig into. We have a requirement to record user activity (or more notably inactivity). This is separate from password expiration. If an account is inactive for X days, it must be auto-disabled. Since we are using a directory server across hundreds of systems, the only way to do this is in the directory. Is there a schema option in 389-ds to support this, and concurrently a pam module or extension to pam_ldap that supports it? Ideally, pam_ldap would just have an option 'lastlog on' that would just update the attribute on the user's object. If there are not even any efforts to this end, I'll probably just hack up something and put it into the .profile, but I was hoping to hedge off of something else... Thanks, -Brandon -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
