On 06/08/2011 03:59 PM, brandon wrote: > After having searched a bit, I think I know the answer. However, I am > asking the question in hopes that people may know of a project or effort > underway that I can dig into. > > We have a requirement to record user activity (or more notably > inactivity). This is separate from password expiration. If an account > is inactive for X days, it must be auto-disabled. Since we are using a > directory server across hundreds of systems, the only way to do this is > in the directory. > > Is there a schema option in 389-ds to support this, and concurrently a > pam module or extension to pam_ldap that supports it? http://directory.fedoraproject.org/wiki/Account_Policy_Design > Ideally, pam_ldap would just have an option 'lastlog on' that would just > update the attribute on the user's object. > > If there are not even any efforts to this end, I'll probably just hack > up something and put it into the .profile, but I was hoping to hedge off > of something else... > > Thanks, > > -Brandon > -- > 389 users mailing list > 389-users@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
