On 05/09/2012 08:17 AM, Ali Jawad wrote:
Hi
Thanks Rich, just what I was searching for, I am facing a problem
though "ldapmodify: No such object (32) matched DN:
dc=domain,dc=local"at :
[user@server ~]$ ldapmodify*-a* -D "cn=directory manager" -w secret -p 389
-hserver.example.com <http://server.example.com> -x
dn: cn=Account Inactivation Policy,dc=example,dc=com
objectClass: top
objectClass: ldapsubentry
objectClass: extensibleObject
*objectClass: accountpolicy*
*accountInactivityLimit: 2592000*
cn: Account Inactivation Policy
I am doing
[root@386-100-16 dirsrv]# ldapmodify -D "cn=directory manager" -w
password -p 389 -h x.x.x.x -x
dn: cn=Account Inactivation Policy,dc=domain,dc=local
objectClass: top
objectClass: ldapsubentry
objectClass: extensibleObject
objectClass: accountpolicy
accountInactivityLimit: 2592000
cn: Account Inactivation Policy
modifying entry "cn=Account Inactivation Policy,dc=domain,dc=local"
ldapmodify: No such object (32)
matched DN: dc=domain,dc=local
Right. You are missing the ldapmodify -a - see the original instructions
On Wed, May 9, 2012 at 4:47 PM, Rich Megginson <[email protected]
<mailto:[email protected]>> wrote:
On 05/09/2012 07:45 AM, Ali Jawad wrote:
Hi
I have a requirement to disable inactive users after 90 days. I
did read
http://directory.fedoraproject.org/wiki/Account_Policy_Design
but I am not sure whether this is a design proposal or the
actual implementation.
My DS version is :
rpm -qa | grep 389
389-admin-console-1.1.8-1.el5
389-ds-base-1.2.9.9-1.el5
389-dsgw-1.1.7-2.el5
389-console-1.1.7-3.el5
389-adminutil-1.1.14-1.el5
389-admin-1.1.23-1.el5
389-admin-console-doc-1.1.8-1.el5
389-ds-1.2.1-1.el5
389-ds-base-libs-1.2.9.9-1.el5
389-ds-console-1.2.6-1.el5
389-ds-console-doc-1.2.6-1.el5
I got
[root@386-100-16 dirsrv]# ldapsearch -x -D "cn=Directory manager"
-w Password -b "cn=config" -s base lastLoginTime
# extended LDIF
#
# LDAPv3
# base <cn=config> with scope baseObject
# filter: (objectclass=*)
# requesting: lastLoginTime
#
# config
dn: cn=config
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
and
[root@386-100-16 dirsrv]# grep -i lastlogintime
/etc/dirsrv/slapd-386-100-16/schema/*
/etc/dirsrv/slapd-386-100-16/schema/60acctpolicy.ldif:##
lastLoginTime holds login state in user entries (GeneralizedTime
syntax)
/etc/dirsrv/slapd-386-100-16/schema/60acctpolicy.ldif:attributeTypes:
( 2.16.840.1.113719.1.1.4.1.35 NAME 'lastLoginTime'
I am not sure how to implement this though, please advice.
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/account-policy-plugin.html
Regards
--
389 users mailing list
[email protected]
<mailto:[email protected]>
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
*Ali Jawad
*
*Information Systems Manager*
*Splendor Telecom (www.splendor.net <http://www.splendor.net/>)
Beirut, Lebanon
Phone: +9611373725/ext 116
FAX: +9611375554*
--
389 users mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/389-users
