Cool Tool: lastlogin – Generate Report Based on Last Login Time

This is a great script, many thanks to Don for his sterling efforts.
I have a client whose requirement (set by the pesky auditors!) is to automatically expire any account that hasn’t been used in the last 30 days, so I amended the script to allow this type of functionality:
# Modified to take into account whether the account is enabled or disabled
# This is specified by the attribute ‘logindisabled’ and is either TRUE or FALSE
# The -e parameter has been defined so you can filter on only enabled accounts
# The report has also been modified to detail the logindisabled state
# The original ‘delfile.ldif’ has been modified to an ‘expfile.ldif’ – this
# contains the ldap modify statements required to change the logindisabled state
# N.B. To reset the TRUE/FALSE field via ldap you seem to need to ‘delete’ the
# existing attribute and then add back the required state
# Additionally, you need the “-” line between the delete and add….
Example of the ice command required to import the generated file:
ice -l <icelog> -S LDIF -c -f expfile.ldif \
    -D LDAP -s <server> -p<port> -d <admindn> -w <adminpw>
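The delete, "-", add sequence described in the comment above, shown as an added Python example (it is not the commenter's modified script or the original lastlogin code). It assumes the report rows are available as (DN, last login in generalized time, current logindisabled state) tuples and that every row has a last login value; the function names, the sample DNs and the dates are constructed for illustration.

```python
import base64
from datetime import datetime, timedelta, timezone

ATTR = "logindisabled"  # attribute name as written in the comment above

def ldif_dn(dn):
    """'dn:' line; base64 form ('dn::') when the DN is not an LDIF SAFE-STRING."""
    unsafe = (not dn.isascii() or dn.startswith((" ", ":", "<"))
              or dn.endswith(" ") or any(c in dn for c in "\0\r\n"))
    if unsafe:
        return "dn:: " + base64.b64encode(dn.encode("utf-8")).decode("ascii")
    return "dn: " + dn

def expire_record(dn, has_value=True):
    """One modify record: delete the old value, '-' separator, add TRUE."""
    lines = [ldif_dn(dn), "changetype: modify"]
    if has_value:  # deleting an attribute that is absent fails the whole modify
        lines += ["delete: " + ATTR, "-"]
    lines += ["add: " + ATTR, ATTR + ": TRUE", "-"]
    return "\n".join(lines) + "\n"

def build_expfile(accounts, now, max_age_days=30):
    """LDIF text disabling every enabled account idle longer than max_age_days."""
    cutoff = now - timedelta(days=max_age_days)
    records = []
    for dn, last_login, disabled in accounts:
        if disabled == "TRUE":  # already disabled: nothing to change
            continue
        seen = datetime.strptime(last_login, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
        if seen < cutoff:
            records.append(expire_record(dn, has_value=disabled is not None))
    return "version: 1\n\n" + "\n".join(records)

# Constructed sample rows: (DN, last login as generalized time, current state)
SAMPLE = [
    ("cn=jsmith,ou=users,o=acme", "20240101120000Z", "FALSE"),  # idle, enabled
    ("cn=akhan,ou=users,o=acme", "20240325090000Z", "FALSE"),   # recent login
    ("cn=old,ou=users,o=acme", "20230101000000Z", "TRUE"),      # already disabled
    ("cn=Zoë,ou=users,o=acme", "20240210000000Z", None),        # attribute absent
]
NOW = datetime(2024, 3, 31, tzinfo=timezone.utc)  # constructed "today"

if __name__ == "__main__":
    print(build_expfile(SAMPLE, NOW), end="")
```

Reviewing the generated file before importing it keeps an unexpected disable (for example of a service account) from reaching the directory.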