Stdin, problem is even new users cant register anymore. Not just existing ones..will tset your suggestion Regards
On Wed, May 9, 2012 at 7:13 PM, Jim Finn <jamespf...@gmail.com> wrote: > Are you doing this via an ldif file or stdin? > > Try > echo -e "dn: uid=username,ou=people,dc=domain,dc=local\nchangetype: > delete\ndelete: lastLoginTime\n\n" | ldapmodify -x -h yourhost > -D"cn=directory manager" -wPaSsWoRd > > Jim > > On Wed, May 9, 2012 at 11:09 AM, Rich Megginson <rmegg...@redhat.com>wrote: > >> On 05/09/2012 10:09 AM, Ali Jawad wrote: >> >> Hi Rich >> Seems I still got a problem, the users can't logon anymore, I did try to >> >> dn: uid=username,ou=people,dc=domain,dc=local >> changetype: delete >> delete: lastLoginTime >> >> But I keep getting >> >> ldapmodify: extra lines at end (line 3 of entry >> "uid=username,ou=people,dc=domain,dc=local") >> >> I checked for whitespaces, extra lines..but still same issue >> >> I did also check for lastLoginTime values in the users in the >> interface, but the value is empty..so not sure if this is the problem at all >> >> >> does ldapmodify -d 1 give any more useful information? >> >> >> >> Regards >> >> >> >> >> >> On Wed, May 9, 2012 at 5:26 PM, Ali Jawad <ali.ja...@splendor.net>wrote: >> >>> Hi Rich >>> Your help is highly appreciated, I got it working, thanks for your >>> patience. >>> Regards >>> >>> >>> On Wed, May 9, 2012 at 5:19 PM, Rich Megginson <rmegg...@redhat.com>wrote: >>> >>>> On 05/09/2012 08:17 AM, Ali Jawad wrote: >>>> >>>> Hi >>>> Thanks Rich, just what I was searching for, I am facing a problem >>>> though "ldapmodify: No such object (32) matched DN: dc=domain,dc=local"at : >>>> >>>> >>>> [user@server ~]$ ldapmodify *-a* -D "cn=directory manager" -w secret -p >>>> 389 -h server.example.com -x >>>> >>>> dn: cn=Account Inactivation Policy,dc=example,dc=com >>>> >>>> objectClass: top >>>> objectClass: ldapsubentry >>>> objectClass: extensibleObject*objectClass: >>>> accountpolicy**accountInactivityLimit: 2592000* >>>> cn: Account Inactivation Policy >>>> >>>> >>>> I am doing >>>> >>>> [root@386-100-16 dirsrv]# ldapmodify -D "cn=directory manager" -w >>>> password -p 389 -h x.x.x.x -x >>>> >>>> dn: cn=Account Inactivation Policy,dc=domain,dc=local >>>> objectClass: top >>>> objectClass: ldapsubentry >>>> objectClass: extensibleObject >>>> objectClass: accountpolicy >>>> accountInactivityLimit: 2592000 >>>> cn: Account Inactivation Policy >>>> modifying entry "cn=Account Inactivation Policy,dc=domain,dc=local" >>>> >>>> ldapmodify: No such object (32) >>>> matched DN: dc=domain,dc=local >>>> >>>> >>>> Right. You are missing the ldapmodify -a - see the original >>>> instructions >>>> >>>> >>>> >>>> On Wed, May 9, 2012 at 4:47 PM, Rich Megginson <rmegg...@redhat.com>wrote: >>>> >>>>> On 05/09/2012 07:45 AM, Ali Jawad wrote: >>>>> >>>>> Hi >>>>> I have a requirement to disable inactive users after 90 days. I did >>>>> read http://directory.fedoraproject.org/wiki/Account_Policy_Design >>>>> but I am not sure whether this is a design proposal or the >>>>> actual implementation. >>>>> >>>>> My DS version is : >>>>> >>>>> rpm -qa | grep 389 >>>>> 389-admin-console-1.1.8-1.el5 >>>>> 389-ds-base-1.2.9.9-1.el5 >>>>> 389-dsgw-1.1.7-2.el5 >>>>> 389-console-1.1.7-3.el5 >>>>> 389-adminutil-1.1.14-1.el5 >>>>> 389-admin-1.1.23-1.el5 >>>>> 389-admin-console-doc-1.1.8-1.el5 >>>>> 389-ds-1.2.1-1.el5 >>>>> 389-ds-base-libs-1.2.9.9-1.el5 >>>>> 389-ds-console-1.2.6-1.el5 >>>>> 389-ds-console-doc-1.2.6-1.el5 >>>>> >>>>> I got >>>>> >>>>> [root@386-100-16 dirsrv]# ldapsearch -x -D "cn=Directory manager" -w >>>>> Password -b "cn=config" -s base lastLoginTime >>>>> # extended LDIF >>>>> # >>>>> # LDAPv3 >>>>> # base <cn=config> with scope baseObject >>>>> # filter: (objectclass=*) >>>>> # requesting: lastLoginTime >>>>> # >>>>> >>>>> # config >>>>> dn: cn=config >>>>> >>>>> # search result >>>>> search: 2 >>>>> result: 0 Success >>>>> >>>>> # numResponses: 2 >>>>> # numEntries: 1 >>>>> >>>>> and >>>>> >>>>> [root@386-100-16 dirsrv]# grep -i lastlogintime >>>>> /etc/dirsrv/slapd-386-100-16/schema/* >>>>> /etc/dirsrv/slapd-386-100-16/schema/60acctpolicy.ldif:## lastLoginTime >>>>> holds login state in user entries (GeneralizedTime syntax) >>>>> /etc/dirsrv/slapd-386-100-16/schema/60acctpolicy.ldif:attributeTypes: >>>>> ( 2.16.840.1.113719.1.1.4.1.35 NAME 'lastLoginTime' >>>>> >>>>> I am not sure how to implement this though, please advice. >>>>> >>>>> >>>>> http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/account-policy-plugin.html >>>>> >>>>> >>>>> Regards >>>>> >>>>> >>>>> >>>>> -- >>>>> 389 users mailing >>>>> list389-users@lists.fedoraproject.orghttps://admin.fedoraproject.org/mailman/listinfo/389-users >>>>> >>>>> >>>>> >>>> >>>> >>>> -- >>>> *Ali Jawad >>>> * >>>> *Information Systems Manager* >>>> *Splendor Telecom (www.splendor.net) >>>> Beirut, Lebanon >>>> Phone: +9611373725/ext 116 >>>> FAX: +9611375554* >>>> >>>> >>>> >>> >>> >>> -- >>> *Ali Jawad >>> * >>> *Information Systems Manager* >>> *Splendor Telecom (www.splendor.net) >>> Beirut, Lebanon >>> Phone: +9611373725/ext 116 >>> FAX: +9611375554* >>> >>> >> >> >> -- >> *Ali Jawad >> * >> *Information Systems Manager* >> *Splendor Telecom (www.splendor.net) >> Beirut, Lebanon >> Phone: +9611373725/ext 116 >> FAX: +9611375554* >> >> >> >> -- >> 389 users mailing list >> 389-users@lists.fedoraproject.org >> https://admin.fedoraproject.org/mailman/listinfo/389-users >> > > > -- > 389 users mailing list > 389-users@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users > -- *Ali Jawad * *Information Systems Manager* *Splendor Telecom (www.splendor.net) Beirut, Lebanon Phone: +9611373725/ext 116 FAX: +9611375554*
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users