Hi Rich Your help is highly appreciated, I got it working, thanks for your patience. Regards
On Wed, May 9, 2012 at 5:19 PM, Rich Megginson <rmegg...@redhat.com> wrote: > On 05/09/2012 08:17 AM, Ali Jawad wrote: > > Hi > Thanks Rich, just what I was searching for, I am facing a problem though > "ldapmodify: No such object (32) matched DN: dc=domain,dc=local"at : > > > [user@server ~]$ ldapmodify *-a* -D "cn=directory manager" -w secret -p 389 > -h server.example.com -x > > dn: cn=Account Inactivation Policy,dc=example,dc=com > > objectClass: top > objectClass: ldapsubentry > objectClass: extensibleObject*objectClass: > accountpolicy**accountInactivityLimit: 2592000* > cn: Account Inactivation Policy > > > I am doing > > [root@386-100-16 dirsrv]# ldapmodify -D "cn=directory manager" -w > password -p 389 -h x.x.x.x -x > > dn: cn=Account Inactivation Policy,dc=domain,dc=local > objectClass: top > objectClass: ldapsubentry > objectClass: extensibleObject > objectClass: accountpolicy > accountInactivityLimit: 2592000 > cn: Account Inactivation Policy > modifying entry "cn=Account Inactivation Policy,dc=domain,dc=local" > > ldapmodify: No such object (32) > matched DN: dc=domain,dc=local > > > Right. You are missing the ldapmodify -a - see the original instructions > > > > On Wed, May 9, 2012 at 4:47 PM, Rich Megginson <rmegg...@redhat.com>wrote: > >> On 05/09/2012 07:45 AM, Ali Jawad wrote: >> >> Hi >> I have a requirement to disable inactive users after 90 days. I did read >> http://directory.fedoraproject.org/wiki/Account_Policy_Design but I am >> not sure whether this is a design proposal or the actual implementation. >> >> My DS version is : >> >> rpm -qa | grep 389 >> 389-admin-console-1.1.8-1.el5 >> 389-ds-base-1.2.9.9-1.el5 >> 389-dsgw-1.1.7-2.el5 >> 389-console-1.1.7-3.el5 >> 389-adminutil-1.1.14-1.el5 >> 389-admin-1.1.23-1.el5 >> 389-admin-console-doc-1.1.8-1.el5 >> 389-ds-1.2.1-1.el5 >> 389-ds-base-libs-1.2.9.9-1.el5 >> 389-ds-console-1.2.6-1.el5 >> 389-ds-console-doc-1.2.6-1.el5 >> >> I got >> >> [root@386-100-16 dirsrv]# ldapsearch -x -D "cn=Directory manager" -w >> Password -b "cn=config" -s base lastLoginTime >> # extended LDIF >> # >> # LDAPv3 >> # base <cn=config> with scope baseObject >> # filter: (objectclass=*) >> # requesting: lastLoginTime >> # >> >> # config >> dn: cn=config >> >> # search result >> search: 2 >> result: 0 Success >> >> # numResponses: 2 >> # numEntries: 1 >> >> and >> >> [root@386-100-16 dirsrv]# grep -i lastlogintime >> /etc/dirsrv/slapd-386-100-16/schema/* >> /etc/dirsrv/slapd-386-100-16/schema/60acctpolicy.ldif:## lastLoginTime >> holds login state in user entries (GeneralizedTime syntax) >> /etc/dirsrv/slapd-386-100-16/schema/60acctpolicy.ldif:attributeTypes: ( >> 2.16.840.1.113719.1.1.4.1.35 NAME 'lastLoginTime' >> >> I am not sure how to implement this though, please advice. >> >> >> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/account-policy-plugin.html >> >> >> Regards >> >> >> >> -- >> 389 users mailing >> list389-users@lists.fedoraproject.orghttps://admin.fedoraproject.org/mailman/listinfo/389-users >> >> >> > > > -- > *Ali Jawad > * > *Information Systems Manager* > *Splendor Telecom (www.splendor.net) > Beirut, Lebanon > Phone: +9611373725/ext 116 > FAX: +9611375554* > > > -- *Ali Jawad * *Information Systems Manager* *Splendor Telecom (www.splendor.net) Beirut, Lebanon Phone: +9611373725/ext 116 FAX: +9611375554*
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
