Overview #
The SasUpdateLoginTimeInterval[1] attribute is one of the Attributes that controls the updates of Login Attributes For eDirectory NMAS logins.The SasUpdateLoginTimeInterval attribute can have values from 0 to 1440 minutes (that is, one day).
- If the value is 0, the Login Time and Last Login Time attributes are updated for every successful login.
- If the value is between 1 and 1440 minutes, the LoginTime attribute is updated after the specified interval.
If the value for SasUpdateLoginTimeInterval is NOT 0; The LoginTime attribute is not updated on consecutive successful logins during the interval.
However, if there is a login failure during the interval followed by successful login, the LoginTime attribute will be updated. The interval time from the successful login is counted.
The SasUpdateLoginTimeInterval attribute is effective only if the sasUpdateLoginInfo attribute value is set to 2 or 3.!! Setting the Value(s) The attributes can be specified for the following objects in the order of precedence (user having the highest precedence).
- user
- container
- Login Policy Security object (LPO)
- server
User or Container#
If the sasUpdateLoginInfo and SasUpdateLoginTimeInterval are set on the User or Container, the setting becomes effective after the next logon.Login Policy Security object (LPO)#
If the sasUpdateLoginInfo and SasUpdateLoginTimeInterval are set on the Login Policy object, the setting becomes effective after the next policy refresh cycle.Setting on user, container, and Login Policy objects#
You can edit the sasUpdateLoginInfo or SasUpdateLoginTimeInterval attribute values for user, container, and Login Policy objects using iManager or an ldif file. Example:dn: cn=user1,o=org changetype: modify replace: sasUpdateLoginInfo sasUpdateLoginInfo: 1 dn: cn=user1,o=org changetype: modify replace: sasUpdateLoginTimeInterval sasUpdateLoginTimeInterval: 60These setting disables the update of Login Time attribute of user1 for 60 minutes from the previous update of the attribute.
Server#
If you wish to set the values on a server by using the command line, you can do so as following. (This is used to maintain backward compatibility with the existing nmas.config file.) The following is an example, showing the content of this file, to set the attribute values on an eDirectory server: (Please note : The nmas.config file must be in the same directory as the dib directory of an eDirectory installation.)#cat nmas.config nmas LoginInfo 2 nmas UpdateLoginTimeInterval 30! Partition Root To set attributes value at the partition root:
- To add the attributes to the Tree, go to iManager > Schema > Add Attribute > Tree Root.
- Use the arrow to move the required attribute from Available optional attribute list to Optional attribute list.
Or set the values of the attribute at partition root, run the ldapmodify command and the following commands at the command line or using an ldif file:
dn: T=<enter your tree name here and delete the pointed brackets> changetype: modify add: sasUpdateLoginTimeInterval sasUpdateLoginTimeInterval: 35 dn: T=<enter your tree name here and delete the pointed brackets> changetype: modify add: sasUpdateLoginInfo sasUpdateLoginInfo: 2
- based on 2013-05-23