https://bugzilla.redhat.com/show_bug.cgi?id=810912 (Red Hat Directory Server)
Would like to be able to track user login times using the lastLoginTime
attribute without having to set up a policy in the Account Policy Plugin based
on the accountInactivityLimit attribute that would disable the account. Only
looking to use the lastLoginTime for tracking purposes without enforcing any
sort of lockout of the account. The ability to use a "0" or "-1" in the
accountInactivityLimit attribute to indicate no inactivity timeout would also
Need the ability to track "dormant" or inactive users so that
they may be purged from the directory. Support for tracking the date/time of last successful
directory login would make detecting unused/inactive accounts easier.
Obtaining the data/time of the last successful BIND for a given user, from
within the directory is possible when using Account Policy Plug-in, but not
without setting up the accountInactivityTimeout in a policy which would cause
the account to become locked upon expiration.
In the version 1.2.10.x the following ldif seemed to work to just change the lastloginTime (without any accoutInactivityTimeout positioned):
''dn: cn=Account Policy Plugin,cn=plugins,cn=config
''dn: cn=config,cn=Account Policy Plugin,cn=plugins,cn=config
Has it changed in 1.2.11.x?
All you need is are these two entries in the dse.ldif:
dn: cn=Account Policy Plugin,cn=plugins,cn=config
nsslapd-pluginarg0: cn=config,cn=Account Policy Plugin,cn=plugins,cn=config
dn: cn=config,cn=Account Policy Plugin,cn=plugins,cn=config
The only way an account can get locked is if you add the acctPolicySubentry attribute to a user entry.
So if you don't want an account to get inactivated, don't add the acctPolicySubentry to the user entry.
Added initial screened field value.
Metadata Update from @nkinder:
- Issue assigned to mreynolds
- Issue set to the milestone: 22.214.171.124
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here:
If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Invalid)
to comment on this ticket.