Re: Question about lastlogintime

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


Thanks, Rich!  That was the issue.  I didn't have the server stopped so the changes didn't hold.  I did the ldapmodify commands and restarted the server, logged in with a test account, and saw that the lastLoginTime attribute is now present.

Thanks!
Harry

Harry Devine
Common ARTS Software Development
AJM-245
(609)485-4218
Harry.Devine@xxxxxxx


From: Rich Megginson <rmeggins@xxxxxxxxxx>
To: Harry Devine/ACT/FAA@FAA
Cc: "General discussion list for the 389 Directory server project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
Date: 07/30/2013 11:32 AM
Subject: Re: Question about lastlogintime




On 07/30/2013 09:28 AM, harry.devine@xxxxxxx wrote:

I'm not trying to lock out any accounts based on login time currently, just add the lastLoginTime attribute.  If I understand that link you sent me, if I do not put altstateattrname: createTimestamp as stated at https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/account-policy-plugin.html#account-policy-plugin-wo-lockout then it should work?
Not sure.

Also, I did notice that the changes I put in this morning somehow aren't there.  I manually edited my dse.ldif file, saved it, restarted the directory server, and tried it.  Is this not the acceptable method?  

The best method is ldapmodify, then restart.

If you must edit dse.ldif, make sure the server is not running or your changes will be lost.

Thanks for the help!
Harry

Harry Devine
Common ARTS Software Development
AJM-245
(609)485-4218
Harry.Devine@xxxxxxx

From: Rich Megginson <rmeggins@xxxxxxxxxx>
To: Harry Devine/ACT/FAA@FAA
Cc: "General discussion list for the 389 Directory server project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
Date: 07/30/2013 11:10 AM
Subject: Re: Question about lastlogintime



On 07/30/2013 07:26 AM, harry.devine@xxxxxxx wrote:

I just followed that and made the changes, restarted the server, and logged in with user account.  I logged in fine, but if I try to do an ldapsearch and search for lastLoginTime, I get nothing back.  I don't see that attribute in that user's Advanced Properties page either.  So, I guess its back to my original question:  Do I  need to manually add the lastLoginTime attribute to all 460 users manually?  Or are there any logs that I can examine to see if it is being rejected some how?
https://fedorahosted.org/389/ticket/47439

Thanks,
Harry

Harry Devine
Common ARTS Software Development
AJM-245
(609)485-4218
Harry.Devine@xxxxxxx
From: Rich Megginson <rmeggins@xxxxxxxxxx>
To: Harry Devine/ACT/FAA@FAA
Cc: "General discussion list for the 389 Directory server project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
Date: 07/26/2013 04:19 PM
Subject: Re: Question about lastlogintime



On 07/26/2013 01:35 PM, harry.devine@xxxxxxx wrote:

I looked them over but I'm still not clear on it.  I don't necessarily want to lock out accounts after a certain amount of time, I just want to record the last login time.  I guess I still don't see whether I need add that attribute to each user account, either manually or via some sort of script.
https://access.redhat.com/site/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/account-policy-plugin.html#account-policy-plugin-wo-lockout

Thanks,
Harry

Harry Devine
Common ARTS Software Development
AJM-245
(609)485-4218
Harry.Devine@xxxxxxx
From: Rich Megginson <rmeggins@xxxxxxxxxx>
To: "General discussion list for the 389 Directory server project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
Cc: Harry Devine/ACT/FAA@FAA
Date: 07/26/2013 11:57 AM
Subject: Re: Question about lastlogintime



On 07/26/2013 09:07 AM, harry.devine@xxxxxxx wrote:

We were interested in tracking a user's last login time, and I see the attribute that I can add in the user's profile.  But we have 460 users so adding that in manually would be tedious.  I saw this article online: https://fedorahosted.org/389/ticket/371 and wondered if all we had to do was add what it mentions to our dse.ldif file and restart the server.  

Yes, but see http://www.port389.org/wiki/Account_Policy_Design and https://fedorahosted.org/389/ticket/47439


Would that work?  If not, would scripting the addition of that attribute be possible?  Or is there another way?




Thanks!
Harry


--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users 








--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux