Expire Accounts Not Used in 30 Days
Novell Cool Solutions: Cool Tool
In Brief
Script expires accounts that haven't been used in the last 30 days.
Vitals
- Product Categories:
  - eDirectory
- Functional Categories:
  - BASH
  - LDAP (Lightweight Directory Access Protocol)
  - Linux
| Posted: | 11 Oct 2007 |
| File Size: | 6KB |
| License: | Free |
| Download: | /coolsolutions/tools/downloads/lastloginexp.rar |
| Publisher: | David Brightman |
Disclaimer
Please read the note from our friends in legal before using this file.
Details
This is a great script, many thanks to Don for his sterling efforts.
I have a client whose requirement (set by the pesky auditors!) is to automatically expire any account that hasn't been used in the last 30 days, so I amended the script to allow this type of functionality:
# Modified to take into account whether the account is enabled or disabled
# This is specified by the attribute 'logindisabled' and is either TRUE or FALSE
# The -e parameter has been defined so you can filter on only enabled accounts
# The report has also been modified to detail the logindisabled state
# The original 'delfile.ldif' has been modified to an 'expfile.ldif' - this
# contains the ldap modify statements required to change the logindisabled state
# N.B. To reset the TRUE/FALSE field via ldap you seem to need to 'delete' the
# existing attribute and then add back the required state
# Additionally, you need the "-" line between the delete and add....
Example of the ice command required to import the generated file:
ice -l <icelog> -S LDIF -c -f expfile.ldif \
-D LDAP -s <server> -p<port> -d <admindn> -w <adminpw>
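The delete, "-" separator, add sequence described in the script notes above, shown as an added example (this is not the downloadable script or Novell's code): a shell function that turns a report of users into expfile.ldif-style modify records for enabled accounts last used before a cutoff. The pipe-separated input format, the function names and the sample DNs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the lastloginexp script. Input format is an assumption:
# one "dn|lastLogin|loginDisabled" line per user, lastLogin as a UTC
# GeneralizedTime string (YYYYMMDDhhmmssZ).

# Cutoff 30 days back in the same format (GNU date, as found on Linux).
cutoff_30d() { date -u -d '30 days ago' +%Y%m%d%H%M%SZ; }

# gen_expfile CUTOFF < report > expfile.ldif
gen_expfile() {
    LC_ALL=C awk -F'|' -v cutoff="$1" '
        NF != 3 || $1 ~ /^#/ { next }        # blank, comment or malformed
        toupper($3) != "FALSE" { next }      # already disabled: leave alone
        ($2 "") >= (cutoff "") { next }      # used within the window
        # Plain "dn:" lines must be printable ASCII and must not start with
        # space, ":" or "<"; anything else needs base64, so skip and warn.
        $1 !~ /^[!-9;=-~][ -~]*$/ {
            print "skipped (dn needs base64): " $1 > "/dev/stderr"; next
        }
        {
            printf "dn: %s\n", $1
            print "changetype: modify"
            print "delete: logindisabled"
            print "-"                        # separator between the two ops
            print "add: logindisabled"
            print "logindisabled: TRUE"
            print ""                         # blank line ends the record
        }'
}

# Constructed sample report (DNs and timestamps are made up).
sample_report() {
    cat <<'EOF'
# dn|lastLogin|loginDisabled
cn=jsmith,ou=users,o=acme|20070815093000Z|FALSE
cn=adoe,ou=users,o=acme|20071005141500Z|FALSE
cn=bold,ou=users,o=acme|20070701080000Z|TRUE
EOF
}

# Usage: sample_report | gen_expfile "$(cutoff_30d)" > expfile.ldif
```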