Expire Accounts Not Used in 30 Days

Author Info

11 October 2007 - 10:02am
Submitted by: djbrightman

License: Free

Cool Tool: lastlogin - Generate Report Based on Last Login Time

This is a great script, many thanks to Don for his sterling efforts.

I have a client whose requirement (set by the pesky auditors!) is to automatically expire any account that hasn't been used in the last 30 days, so I amended the script to allow this type of functionality:

# Modified to take into account whether the account is enabled or disabled
# This is specified by the attribute 'logindisabled' and is either TRUE or FALSE
# The -e parameter has been defined so you can filter on only enabled accounts
# The report has also been modified to detail the logindisabled state
# The original 'delfile.ldif' has been modified to an 'expfile.ldif' - this
# contains the ldap modify statements required to change the logindisabled state
# N.B. To reset the TRUE/FALSE field via ldap you seem to need to 'delete' the
# existing attribute and then add back the required state
# Additionally, you need the "-" line between the delete and add....

Example of the ice command required to import the generated file:

ice -l <icelog> -S LDIF -c -f expfile.ldif \
    -D LDAP -s <server> -p<port> -d <admindn> -w <adminpw>
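The record layout that the script comments above describe for expfile.ldif (delete the existing value, a "-" line, then add the new state) is shown below as an added example; it is not the code in lastloginexp.zip. It assumes the last login is read from the eDirectory `loginTime` attribute in generalized-time form, that DNs are plain ASCII, and that accounts that have never logged in are left alone; the account data and helper names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data: (dn, loginTime, loginDisabled). Not real accounts.
SAMPLE_ACCOUNTS = [
    ("cn=asmith,ou=users,o=example", "20070801093000Z", "FALSE"),
    ("cn=bjones,ou=users,o=example", "20071005140000Z", "FALSE"),
    ("cn=cwhite,ou=users,o=example", "20070101000000Z", "TRUE"),
    ("cn=dnew,ou=users,o=example", None, "FALSE"),
]
# Constructed report date, fixed so the result is reproducible.
REPORT_DATE = datetime(2007, 10, 11, tzinfo=timezone.utc)


def parse_login_time(value):
    """Parse an LDAP generalized time such as 20070801093000Z (assumed format)."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def stale_enabled(accounts, now, max_age_days=30):
    """Return DNs of enabled accounts whose last login is older than the cutoff."""
    cutoff = now - timedelta(days=max_age_days)
    stale = []
    for dn, login_time, disabled in accounts:
        # Only an explicit FALSE counts as enabled, so the generated
        # 'delete: loginDisabled' always has an existing value to remove.
        if disabled != "FALSE":
            continue
        # Assumption: never-used accounts are skipped, not expired.
        if login_time is None:
            continue
        if parse_login_time(login_time) < cutoff:
            stale.append(dn)
    return stale


def expire_ldif(dns):
    """Build one LDIF modify record per DN: delete, '-', add TRUE, '-'."""
    records = [
        "\n".join([f"dn: {dn}", "changetype: modify", "delete: loginDisabled",
                   "-", "add: loginDisabled", "loginDisabled: TRUE", "-"])
        for dn in dns
    ]
    return "\n\n".join(records) + "\n" if records else ""


if __name__ == "__main__":
    print(expire_ldif(stale_enabled(SAMPLE_ACCOUNTS, REPORT_DATE)), end="")
```

Reviewing the generated file before importing it gives the auditors a record of exactly which accounts were expired on each run.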

Attachment: lastloginexp.zip (5.64 KB)

© 2009 Novell, Inc. All Rights Reserved.