Cool Tool: lastlogin - Generate Report Based on Last Login Time This is a great script, many thanks to Don for his sterling efforts.
I have a client whose requirement (set by the pesky auditors!) is to automatically expire any account that hasn't been used in the last 30 days, so I amended the script to allow this type of functionality:
# Modified to take into account whether the account is enabled or disabled
# This is specified by the attribute 'logindisabled' and is either TRUE or FALSE
# The -e parameter has been defined so you can filter on only enabled accounts
# The report has also been modified to detail the logindisabled state
# The original 'delfile.ldif' has been modified to an 'expfile.ldif' - this
# contains the ldap modify statements required to change the logindisabled state
# N.B. To reset the TRUE/FALSE field via ldap you seem to need to 'delete' the
# existing attribute and then add back the required state
# Additionally, you need the "-" line between the delete and add....
Example of the ice command required to import the generated file:
ice -l <icelog> -S LDIF -c -f expfile.ldif \
-D LDAP -s <server> -p<port> -d <admindn> -w <adminpw>
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.