Overview #

The SasUpdateLoginTimeInterval[1] attribute is one of the Attributes that controls the updates of Login Attributes For eDirectory NMAS logins.

The SasUpdateLoginTimeInterval attribute can have values from 0 to 1440 minutes (that is, one day). 

  • If the value is 0, the Login Time and Last Login Time attributes are updated for every successful login.
  • If the value is between 1 and 1440 minutes, the LoginTime attribute is updated after the specified interval.
If the value for SasUpdateLoginTimeInterval is NOT 0 the LastLoginTime attribute will not be updated and any previous values appear to be removed.

If the value for SasUpdateLoginTimeInterval is NOT 0; The LoginTime attribute is not updated on consecutive successful logins during the interval. 

However, if there is a login failure during the interval followed by successful login, the LoginTime attribute will be updated. The interval time from the successful login is counted. 

The SasUpdateLoginTimeInterval attribute is effective only if the sasUpdateLoginInfo attribute value is set to 2 or 3.

Setting the Value(s)#

The attributes can be specified for the following objects in the order of precedence (user having the highest precedence).
  • user
  • container
  • Login Policy Security object (LPO)
  • server

User or Container#

When If the sasUpdateLoginInfo and SasUpdateLoginTimeInterval are set on the User or Container, the setting becomes effective after the next logon.

Login Policy Security object (LPO)#

If the sasUpdateLoginInfo and SasUpdateLoginTimeInterval are set on the Login Policy object, the setting becomes effective after the next policy refresh cycle. 

Setting on user, container, and Login Policy objects#

You can edit the sasUpdateLoginInfo or SasUpdateLoginTimeInterval attribute values for user, container, and Login Policy objects using iManager or an ldif file.  Example:
dn: cn=user1,o=org
change type: modify
replace: sasUpdateLoginInfo
sasUpdateLoginInfo: 1

dn: cn=user1,o=org
changetype: modify
replace: sasUpdateLoginTimeInterval
sasUpdateLoginTimeInterval: 60
These setting disables the update of Login Time attribute of user1 for 60 minutes from the previous update of the attribute.

Server#

If you wish to set the values set on a server using command line is used to maintain backward compatibility. Following is an example to set the attribute values on the eDirectory server:
#cat nmas.config (The nmas.config file must be in the same directory as the dib directory.)
nmas LoginInfo 2
nmas UpdateLoginTimeInterval 30

Partition Root#

To set attributes value at the partition root: 
  • To add the attributes to the Tree, go to iManager > Schema > Add Attribute > Tree Root. 
  • Use the arrow to move the required attribute from Available optional attribute list to Optional attribute list.

Or set the values of the attribute at partition root, run the ldapmodify command and the following commands at the command line or using an ldif file:

dn:T=< tree name>
changetype:modify
add:sasUpdateLoginTimeInterval
sasUpdateLoginTimeInterval:35

dn:T=< tree name>
changetype:modify
add:sasUpdateLoginInfo
sasUpdateLoginInfo: 2

More Information #

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-16) was last changed on 17-Jun-2013 13:49 by jim