[Freeipa-users] Date of last access attribute
Simo Sorce
simo at redhat.com
Fri Sep 13 16:26:11 UTC 2013
On Fri, 2013-09-13 at 10:58 -0400, Rob Crittenden wrote:
> Dmitri Pal wrote:
> > On 09/13/2013 05:16 AM, Marina Moreda wrote:
> >> Hi all,
> >>
> >> I need to add in my LDAP an attribute to save the date of last access
> >> to mail account, or something similar, to know when an user has
> >> stopped using his mail account. I can't find any attribute like this
> >> one. Any suggestions on how I can do this?
> >>
> >> Thanks so much.
> >>
> >>
> >>
> >> _______________________________________________
> >> Freeipa-users mailing list
> >> Freeipa-users at redhat.com
> >> https://www.redhat.com/mailman/listinfo/freeipa-users
> >
> > I think there are some operational, i.e. "meta" attributes that store
> > information when some attribute was last modified so if there is a way
> > to associate mail activity with a modification of some user attribute
> > then you can check the time stamp of this modification rather than
> > create a separate attribute. With a new attribute the question comes:
> > who, when and how updates it and whether the software you have is
> > capable of doing it? May be software already updates something on every
> > activity for the account and if this is the case then operation
> > attributes would help.
>
> There is no mail-specific activity attribute. I think about the closest
> you could get is last successful Kerberos authentication
> (krblastsuccessfulauth), but again this isn't specific to mail activity
> (unless that is all the users can do).
>
> Note too that this attribute is by default not replicated so if you have
> several IPA masters you'd need to check them all. This attribute not
> updated on LDAP binds.
Rob,
should we open a ticket to update this for plain text binds too ?
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list