When basic user mode is enabled (on-prem ISVA v10.0.3.1+), how does the last login and password change dates get stored, or do they, for basic users?
Relevant information on subject:
- https://www.ibm.com/docs/en/sva/9.0.2?topic=stanza-enable-last-login
- https://philipnye.com/2016/05/24/commonly-overlooked-isam-settings-for-production-deployments/
- https://www.iamteam.com/post/2014/01/15/enabling-last-login-and-last-password-change-for-tivoli-access-manager-users#:~:text=Login%20to%20WebSeal%20Server%20as,Save%20the%20file
Also, on a somewhat related side note, as far as disabling accounts where the last login is past a certain number of days, I assume using an EAI/InfoMap or AAC MFA is still the best way to do this? Or have a side process to query all the users nightly and mark them as account-valid false?
Thanks all!
Edit: I may have answered my own question with regards to how this is stored on basic user mode (it seems it is not), but wondering how then this is achievable with basic users? I assume we'd have to do this using an InfoMap that could make an LDAPmodify call?
Phil mentions on his site
"(Note: this only applies to ISAM users – not basic/lite users, since these are attributes that are stored in the secAuthority suffix.)"------------------------------
Matt Jenkins
------------------------------