Open Call - Time-Limit App for eDirectory Sessions

Posted: 11 Oct 2006

Do you know of a tool or utility that solves this problem?

"I have the problem of managing the access of about 24,000 students to the school's ITCT lab. I want to find out if it is possible to create an account for each student, with a maximum of 2 hours per session and 2 hours between sessions ..."

Or would you like to create that utility?

Below are some guidelines from Aaron Burgemeister on the issue. Let us know about any pre-existing app that solves this problem, or send us your home-grown utility.

It's not possible to limit the amount of login time a user has or the time period between logins in eDirectory (eDirectory doesn't care). But if you are trying to limit this with a 3rd-party app or in a computer lab, writing an app that DOES do that limiting should be simple. eDirectory already has a Last Login Time attribute. Using that would be possible, but it may be better to have your own. Here are some suggestions:

New Auxiliary attributes for the user object

  • CurrentLoginStartTime (set by your computers when the user logs in, checked regularly by your computers to see when 120 minutes or 7200 seconds have elapsed - this is all coded by yourself)
  • LastLogoutTime (set by your computers when users log out and checked on login to be sure it's been 2 hours (see above) since the last logout before a login is allowed again....again all coded by yourself)

It's simple enough to do. Your biggest worry will be storing authentication information to set these variables in a way that is safe from intelligent students getting the credentials, and safe from those same students changing their own attributes. You will need an admin user (not a full admin, just one for this purpose) to make the changes, because a user-object making changes means a user can change their own. Be sure to hide the username/password of that admin in a secure way (directories that computer users have NO rights to).

