[SAC] LDAP: time of last usage
Sandro Santilli
strk at keybit.net
Mon May 9 10:35:43 PDT 2016
I was thinking that if we want to remove dormient accounts we would
need to be able to tell the time of last _usage_ for an account.
Since "usage" probably always starts with credentials verification
(even if later real usage could be based on service-local
authenticated sessions) an approximation of that query could be
done by looking at the LDAP server datastore.
According to [this article](
http://serverfault.com/questions/390747/how-can-i-determine-the-last-time-an-open-directory-network-account-was-used-on
) the LDAP server should store such info in a per-user file, can
anyone confirm ?
Or, can you think of other ways to determine when an account was last
used ? The aim is to drop/disable/ping-to-confirm accounts that
weren't used in an year.
--strk;
More information about the Sac
mailing list