[SAC] LDAP: time of last usage
Martin Spott
Martin.Spott at mgras.net
Sun Sep 25 14:09:58 PDT 2016
Sandro Santilli wrote:
> According to [this article](
> http://serverfault.com/questions/390747/how-can-i-determine-the-last-time-an-open-directory-network-account-was-used-on
> ) the LDAP server should store such info in a per-user file, can
> anyone confirm ?
As far as I can tell, OpenLDAP only stores creation and modification
timestamps, but no access timestamps. Aside from that, the latter are
subject to being inaccurate because many clients are caching user
objects.
> Or, can you think of other ways to determine when an account was last
> used ? The aim is to drop/disable/ping-to-confirm accounts that
> weren't used in an year.
The only procedure I can imagine is to set up a dedicated, custom log
just for this special purpose - maybe from monitoring the default log.
Cheers,
Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------
More information about the Sac
mailing list