Dmitri Pal wrote:
On 09/13/2013 01:46 PM, Rob Crittenden wrote:
Simo Sorce wrote:
On Fri, 2013-09-13 at 10:58 -0400, Rob Crittenden wrote:
Dmitri Pal wrote:
On 09/13/2013 05:16 AM, Marina Moreda wrote:
Hi all,

I need to add in my LDAP an attribute to save the date of last access
to mail account, or something similar, to know when an user has
stopped using his mail account. I can't find any attribute like this
one. Any suggestions on how I can do this?

Thanks so much.



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

I think there are some operational, i.e. "meta" attributes that store
information when some attribute was last modified so if there is a way
to associate mail activity with a modification of some user attribute
then you can check the time stamp of this modification rather than
create a separate attribute. With a new attribute the question comes:
who, when and how updates it and whether the software you have is
capable of doing it? May be software already updates something on
every
activity for the account and if this is the case then operation
attributes would help.

There is no mail-specific activity attribute. I think about the closest
you could get is last successful Kerberos authentication
(krblastsuccessfulauth), but again this isn't specific to mail activity
(unless that is all the users can do).

Note too that this attribute is by default not replicated so if you
have
several IPA masters you'd need to check them all. This attribute not
updated on LDAP binds.

Rob,
should we open a ticket to update this for plain text binds too ?

Simo.

That's an interesting question. The attribute has krb in it which
suggests a kerberos authentication, so I wonder if this would cause
other confusion.

Wasn't there an intent not to update data on a successful auth? Only on
a failure or first time after a failure to clear the counts?

It certainly seems like an argument I'd make, but I don't recall specifically.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to