Check if orclpwdtracklogin is set in the realm.
Issue the following ldapsearch on the password policy for the realm.
ldapsearch -h OIDhost -p OIDport -D cn=orcladmin -w pwd -b "cn=default,cn=pwdpolicies,cn=common,cn=products,cn=oraclecontext,%Default Realm%" -s base "objectclass=*" orclpwdtracklogin
Example:
ldapsearch -h myServer.oracle.com -p 3060 -D cn=orcladmin -w welcome1 -b "cn=default,cn=pwdpolicies,cn=common,cn=products,cn=oraclecontext,dc=us,dc=oracle,dc=com" -s base "objectclass=*" orclpwdtracklogin
If orclpwdtracklogin returns 1, tracking of the last login time is enabled in the password policy for this realm.
If orclpwdtracklogin returns 0 or nothing is returned, tracking of the last login time is disabled in the password policy for this realm.
To enable it, create a text file (for example, track.ldif) with the following content:
dn: cn=default,cn=pwdpolicies,cn=common,cn=products,cn=oraclecontext,%Default Realm%
changetype: modify
add: orclpwdtracklogin
orclpwdtracklogin: 1
Example:
dn: cn=default,cn=pwdpolicies,cn=common,cn=products,cn=oraclecontext,dc=us,dc=oracle,dc=com
changetype: modify
add: orclpwdtracklogin
orclpwdtracklogin: 1
Run ldapmodify:
ldapmodify -h OIDhost -p OIDport -D cn=orcladmin -w pwd -f track.ldif
Example:
ldapmodify -h myServer.oracle.com -p 3060 -D cn=orcladmin -w welcome1 -f track.ldif
Issue the search from step 1 again to confirm orclpwdtracklogin returns a value of 1.
Stop and restart OID.
Bind as a user that resides under the realm of the password policy you've modified.
Example:
ldapbind -h myServer.oracle.com -p 3060 -D "cn=John.Smith,cn=users,dc=us,dc=oracle,dc=com" -w Mysecretpwd123
Run ldapsearch on the user to view the orcllastlogintime attribute.
Example:
ldapsearch -h myServer.oracle.com -p 3060 -D cn=orcladmin -w welcome1 -b "cn=John.Smith,cn=users,dc=us,dc=oracle,dc=com" -s sub "objectclass=*" orcllastlogintime
Expected output will look similar to this example:
ldapsearch -h myServer.oracle.com -p 3060 -D cn=orcladmin -w welcome1 -b "cn=John.Smith,cn=users,dc=us,dc=oracle,dc=com" -s sub "objectclass=*" orcllastlogintime
cn=John.Smith,cn=Users,dc=us,dc=oracle,dc=com
orcllastlogintime=20110919151040z
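The check and the LDIF step above can be scripted. The following is an added example, not part of the original post: the function names are hypothetical and the sample search output is constructed. It goes slightly beyond the text by writing `replace:` instead of `add:` when a value such as 0 is already stored, on the assumption that the attribute is single-valued and a second value would be rejected.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample output is constructed.
POLICY_RDN="cn=default,cn=pwdpolicies,cn=common,cn=products,cn=oraclecontext"

# Read ldapsearch output on stdin and print the stored value: 1, 0 or "absent".
# Accepts "attr=value" (the format shown above) and LDIF-style "attr: value".
tracklogin_value() {
  awk '
    {
      line = $0; sub(/\r$/, "", line)
      if (match(tolower(line), /^[ \t]*orclpwdtracklogin[ \t]*[=:][ \t]*/)) {
        val = substr(line, RSTART + RLENGTH); sub(/[ \t]+$/, "", val); seen = 1
      }
    }
    END { print (seen ? val : "absent") }'
}

# Apply the rule from the text: only a value of 1 means tracking is enabled.
tracklogin_state() {
  if [ "$(tracklogin_value)" = "1" ]; then echo enabled; else echo disabled; fi
}

# Print the LDIF for realm DN $1 given the current value $2.
# Prints nothing when tracking is already enabled.
# "add" when the attribute is absent (as in track.ldif above); "replace" when
# a value is already stored (assumption: the attribute is single-valued).
tracklogin_ldif() {
  if [ "$2" = "1" ]; then return 0; fi
  if [ "$2" = "absent" ]; then op=add; else op=replace; fi
  printf 'dn: %s,%s\nchangetype: modify\n%s: orclpwdtracklogin\norclpwdtracklogin: 1\n' \
    "$POLICY_RDN" "$1" "$op"
}

# Constructed sample: policy entry where the attribute is stored as 0.
SAMPLE_OFF='cn=default,cn=pwdpolicies,cn=common,cn=products,cn=oraclecontext,dc=us,dc=oracle,dc=com
orclpwdtracklogin=0'

current=$(printf '%s\n' "$SAMPLE_OFF" | tracklogin_value)
echo "tracking is $(printf '%s\n' "$SAMPLE_OFF" | tracklogin_state)"
tracklogin_ldif "dc=us,dc=oracle,dc=com" "$current"
```

In practice, pipe the real policy search into `tracklogin_value` and redirect the output of `tracklogin_ldif` to track.ldif before running ldapmodify.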