Are you doing this via an ldif file or stdin? Try echo -e "dn: uid=username,ou=people,dc=domain,dc=local\nchangetype: delete\ndelete: lastLoginTime\n\n" | ldapmodify -x -h yourhost -D"cn=directory manager" -wPaSsWoRd
Jim On Wed, May 9, 2012 at 11:09 AM, Rich Megginson <rmegg...@redhat.com> wrote: > On 05/09/2012 10:09 AM, Ali Jawad wrote: > > Hi Rich > Seems I still got a problem, the users can't logon anymore, I did try to > > dn: uid=username,ou=people,dc=domain,dc=local > changetype: delete > delete: lastLoginTime > > But I keep getting > > ldapmodify: extra lines at end (line 3 of entry > "uid=username,ou=people,dc=domain,dc=local") > > I checked for whitespaces, extra lines..but still same issue > > I did also check for lastLoginTime values in the users in the interface, > but the value is empty..so not sure if this is the problem at all > > > does ldapmodify -d 1 give any more useful information? > > > > Regards > > > > > > On Wed, May 9, 2012 at 5:26 PM, Ali Jawad <ali.ja...@splendor.net> wrote: > >> Hi Rich >> Your help is highly appreciated, I got it working, thanks for your >> patience. >> Regards >> >> >> On Wed, May 9, 2012 at 5:19 PM, Rich Megginson <rmegg...@redhat.com>wrote: >> >>> On 05/09/2012 08:17 AM, Ali Jawad wrote: >>> >>> Hi >>> Thanks Rich, just what I was searching for, I am facing a problem though >>> "ldapmodify: No such object (32) matched DN: dc=domain,dc=local"at : >>> >>> [user@server ~]$ ldapmodify *-a* -D "cn=directory manager" -w secret -p >>> 389 -h server.example.com -x >>> >>> dn: cn=Account Inactivation Policy,dc=example,dc=com >>> >>> objectClass: top >>> objectClass: ldapsubentry >>> objectClass: extensibleObject*objectClass: >>> accountpolicy**accountInactivityLimit: 2592000* >>> cn: Account Inactivation Policy >>> >>> >>> I am doing >>> >>> [root@386-100-16 dirsrv]# ldapmodify -D "cn=directory manager" -w >>> password -p 389 -h x.x.x.x -x >>> >>> dn: cn=Account Inactivation Policy,dc=domain,dc=local >>> objectClass: top >>> objectClass: ldapsubentry >>> objectClass: extensibleObject >>> objectClass: accountpolicy >>> accountInactivityLimit: 2592000 >>> cn: Account Inactivation Policy >>> modifying entry "cn=Account Inactivation Policy,dc=domain,dc=local" >>> >>> ldapmodify: No such object (32) >>> matched DN: dc=domain,dc=local >>> >>> >>> Right. You are missing the ldapmodify -a - see the original >>> instructions >>> >>> >>> >>> On Wed, May 9, 2012 at 4:47 PM, Rich Megginson <rmegg...@redhat.com>wrote: >>> >>>> On 05/09/2012 07:45 AM, Ali Jawad wrote: >>>> >>>> Hi >>>> I have a requirement to disable inactive users after 90 days. I did >>>> read http://directory.fedoraproject.org/wiki/Account_Policy_Design >>>> but I am not sure whether this is a design proposal or the >>>> actual implementation. >>>> >>>> My DS version is : >>>> >>>> rpm -qa | grep 389 >>>> 389-admin-console-1.1.8-1.el5 >>>> 389-ds-base-1.2.9.9-1.el5 >>>> 389-dsgw-1.1.7-2.el5 >>>> 389-console-1.1.7-3.el5 >>>> 389-adminutil-1.1.14-1.el5 >>>> 389-admin-1.1.23-1.el5 >>>> 389-admin-console-doc-1.1.8-1.el5 >>>> 389-ds-1.2.1-1.el5 >>>> 389-ds-base-libs-1.2.9.9-1.el5 >>>> 389-ds-console-1.2.6-1.el5 >>>> 389-ds-console-doc-1.2.6-1.el5 >>>> >>>> I got >>>> >>>> [root@386-100-16 dirsrv]# ldapsearch -x -D "cn=Directory manager" -w >>>> Password -b "cn=config" -s base lastLoginTime >>>> # extended LDIF >>>> # >>>> # LDAPv3 >>>> # base <cn=config> with scope baseObject >>>> # filter: (objectclass=*) >>>> # requesting: lastLoginTime >>>> # >>>> >>>> # config >>>> dn: cn=config >>>> >>>> # search result >>>> search: 2 >>>> result: 0 Success >>>> >>>> # numResponses: 2 >>>> # numEntries: 1 >>>> >>>> and >>>> >>>> [root@386-100-16 dirsrv]# grep -i lastlogintime >>>> /etc/dirsrv/slapd-386-100-16/schema/* >>>> /etc/dirsrv/slapd-386-100-16/schema/60acctpolicy.ldif:## lastLoginTime >>>> holds login state in user entries (GeneralizedTime syntax) >>>> /etc/dirsrv/slapd-386-100-16/schema/60acctpolicy.ldif:attributeTypes: ( >>>> 2.16.840.1.113719.1.1.4.1.35 NAME 'lastLoginTime' >>>> >>>> I am not sure how to implement this though, please advice. >>>> >>>> >>>> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/account-policy-plugin.html >>>> >>>> >>>> Regards >>>> >>>> >>>> >>>> -- >>>> 389 users mailing >>>> list389-users@lists.fedoraproject.orghttps://admin.fedoraproject.org/mailman/listinfo/389-users >>>> >>>> >>>> >>> >>> >>> -- >>> *Ali Jawad >>> * >>> *Information Systems Manager* >>> *Splendor Telecom (www.splendor.net) >>> Beirut, Lebanon >>> Phone: +9611373725/ext 116 >>> FAX: +9611375554* >>> >>> >>> >> >> >> -- >> *Ali Jawad >> * >> *Information Systems Manager* >> *Splendor Telecom (www.splendor.net) >> Beirut, Lebanon >> Phone: +9611373725/ext 116 >> FAX: +9611375554* >> >> > > > -- > *Ali Jawad > * > *Information Systems Manager* > *Splendor Telecom (www.splendor.net) > Beirut, Lebanon > Phone: +9611373725/ext 116 > FAX: +9611375554* > > > > -- > 389 users mailing list > 389-users@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users >
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users