2

Ok so this question is a hard one to answer for those who do not have much experience with Novell eDirectory.

What I am trying to do is create a workflow that will delete user objects in my eDirectory tree upon meeting certain requirements. The problem is that one of these requirements is dependent on a timestamp. The attribute I am looking at is the LoginDisabled attribute. This is a Boolean value, so either True or False. When looking at this attribute via LDAP methods you only get back the Boolean, which is fine.

However, my requirements as set forth by internal policy state that only accounts that have been set to True for a minimum amount of 30 days can have actions performed against them. The only place I can see this timestamp is through the NDS iMonitor tool.

So my question is how do I query this timestamp that is stored outside of LDAP without having to look up each user individually in iMonitor?

If possible I would prefer a script that utilizes PowerShell, but I can also use C# or Python.

Yes, there are other things that are capable of being done to extend the schema and what have you, but for the sake of not running down a rabbit hole, let's just say that modifications to the server configurations are not authorized. I am only allowed to query, and it appears I need to be able to query NDS directly.

Eric
  • The info is there. IDM will send it as a @timestamp value in node in each event. iMonitor can show it, but it is not exposed over LDAP. NCP can get it, but NCP is very hard to use. – geoffc Aug 18 '15 at 18:05

2 Answers

1

We are using the loginTime attribute. After connections are banned (LoginDisabled attribute set to TRUE), the user cannot connect to the tree. We wait 35 days after the last login and delete the user.

Smithson
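The selection logic from the answer above, as an added example that is not part of the original post: it takes entries already fetched over LDAP and picks disabled accounts whose last login is at least 35 days old. The entry data, the function names and the assumption that loginTime arrives as a GeneralizedTime string of the form `YYYYMMDDhhmmssZ` are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

GRACE = timedelta(days=35)  # waiting period used in the answer above


def parse_generalized_time(value):
    """Parse 'YYYYMMDDhhmmssZ' (assumed loginTime format) into an aware UTC datetime."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def deletion_candidates(entries, now):
    """Return (eligible, needs_review) lists of DNs for disabled accounts."""
    eligible, needs_review = [], []
    for entry in entries:
        if str(entry.get("loginDisabled", "")).upper() != "TRUE":
            continue  # enabled accounts are never touched
        raw = entry.get("loginTime")
        if not raw:
            # Disabled but never logged in: there is no date to count from,
            # so leave the decision to a human instead of deleting.
            needs_review.append(entry["dn"])
            continue
        try:
            last_login = parse_generalized_time(raw)
        except ValueError:
            needs_review.append(entry["dn"])  # unexpected timestamp format
            continue
        if now - last_login >= GRACE:
            eligible.append(entry["dn"])
    return eligible, needs_review


# Constructed sample entries, shaped like the result of an LDAP search that
# requested the loginDisabled and loginTime attributes.
SAMPLE = [
    {"dn": "cn=alice,o=example", "loginDisabled": "TRUE", "loginTime": "20150601080000Z"},
    {"dn": "cn=bob,o=example", "loginDisabled": "TRUE", "loginTime": "20150801090000Z"},
    {"dn": "cn=carol,o=example", "loginDisabled": "FALSE", "loginTime": "20140101000000Z"},
    {"dn": "cn=dave,o=example", "loginDisabled": "TRUE"},
    {"dn": "cn=erin,o=example", "loginDisabled": "TRUE", "loginTime": "20150714180500Z"},
]
NOW = datetime(2015, 8, 18, 18, 5, tzinfo=timezone.utc)  # fixed clock for the sample

if __name__ == "__main__":
    ok, review = deletion_candidates(SAMPLE, NOW)
    print("eligible:", ok)
    print("needs review:", review)
```

An account that is currently disabled cannot have logged in after it was disabled, so loginTime is never later than the disable time. The check therefore measures time since last login, not time since LoginDisabled became True.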
0

It is not possible to get this attribute over LDAP by default. However, you can try to add the attribute to LDAP. I cannot test this for I have no test server at the moment. But the theory is that you go into iManager, find the LDAP Group object for the server you want to use for LDAP.

Then click the object, go to General, tab Attribute Map. In there, add the attribute you want and map it.

HappyMe