Page Disambiguation

This page is DEPRECATED; use this link. This page describes the lifecycle management of our LDAP users.


The lifecycle script is written in Perl and located on our vsps server:


The script logs to this logfile:


And can be configured via this file:


LDAP Server configuration


The subject of the mails

<mailSubject>Enterprise Lab Account</mailSubject>

The mail text. PLACEHOLDER will be replaced with the number in the maxInactiveDaysTillDeleted option (see below)

<mailText>Your account is locked and  will be deleted in PLACEHOLDER Days. To avoid this, log in to</mailText>

Path to the home directories


Path to the archive directory


Minimum number of days an account must exist before it is checked by the lifecycle


Maximum days till an account is disabled


Maximum days till an account will be deleted


The Logfile Path



Install SolarisStudio and be sure to set your PATH to use the SolarisStudio binaries. If your PATH is configured to use any other binaries for cc and make, nearly all attempts to compile a CPAN module will fail.

Install the following modules from the System Repository:

  • library/expat
  • library/perl-5/xml-parser-584

Install the following Perl modules via CPAN:

  • Net::LDAPS
  • XML::Simple
  • Data::Dumper
  • Getopt::Std
  • Net::SMTP
  • DateTime
  • Date::Calc
  • Switch
  • Array::Iterator
  • IO::Socket::SSL
  • Time::NT

Changing LDAP Attributes

Be careful if you want to change LDAP attributes in the Perl code. If you just add an attribute that already exists, LDAP adds a further value to it instead of changing the existing one. Use this structure instead.
This example fetches all entries for a given uid, stores the elLockSent value in the variable $lock and then handles the three states (true, false, not set).

   # $ldap, $entr and $dn are expected to be defined by the surrounding script.
   my @user = LDAPsearch($ldap,$entr->get_value("uid"));
   my $userattr;
   my $lock = $user[0]->get_value("elLockSent");
   if ( $lock ) {
       if ( $lock eq "true" ) {
           # elLockSent is set to true in LDAP
           # replace true with false
           $ldap->modify( $dn, replace => {
                   elLockSent => 'false',
           } );
       }
       else {
           # elLockSent is set to false in LDAP
           # replace false with true
           $ldap->modify( $dn, replace => {
                   elLockSent => 'true',
           } );
       }
   }
   else {
       # elLockSent is not set in LDAP
       # set it to true
       $ldap->modify( $dn, add => {
               elLockSent => 'true',
       } );
   }
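
The difference between add and replace can be reproduced without a server on a local Net::LDAP::Entry object. The following is an added example, not part of the lifecycle script; the DN, the uid jdoe and the helper set_single_value are made up for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP::Entry;

# Constructed sample entry; DN and uid are invented for this example.
my $entry = Net::LDAP::Entry->new;
$entry->dn('uid=jdoe,ou=people,dc=example,dc=org');
$entry->add(
    objectClass => ['inetOrgPerson'],
    uid         => 'jdoe',
    elLockSent  => 'true',
);

# "add" appends a value: the flag now carries both states at once, so a
# later check of elLockSent can no longer tell which state is meant.
$entry->add( elLockSent => 'false' );
my @after_add = $entry->get_value('elLockSent');
print "after add:     @after_add\n";

# "replace" discards all existing values and stores only the new one.
$entry->replace( elLockSent => 'false' );
my @after_replace = $entry->get_value('elLockSent');
print "after replace: @after_replace\n";

# Hypothetical helper (assumption, not in the lifecycle script): write
# exactly one value to the directory and stop if the server refuses.
# The LDAP replace operation also creates the attribute when it is
# missing (RFC 4511, section 4.6).
# $ldap is a bound Net::LDAP / Net::LDAPS connection.
sub set_single_value {
    my ( $ldap, $dn, $attr, $value ) = @_;
    my $mesg = $ldap->modify( $dn, replace => { $attr => $value } );
    die "modify $dn failed: " . $mesg->error . "\n" if $mesg->code;
    return 1;
}
```

Checking `$mesg->code` after each modify keeps a rejected change from going unnoticed, which matters when the flag decides whether an account gets locked or deleted.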

Immutable Users

The immutable LDAP flag is set on these users. The lifecycle management will not edit them.

System Users:

  • wizard
  • testuser1
  • alert
  • aaiagent
  • cfxuser1
  • cfxuser2
  • cfxuser3
  • cfxuser4
  • cfxuser5

Contractors (flag will be removed when elogin is merged with pawi elogin):

  • dpilav
  • bschelli
  • akeller
  • zaziegle
  • tsamanie
  • ptobler
  • oschgi
  • mech
  • munty
  • srutz
  • talardie
  • tbrothen
  • tacarnec
  • dsteinma
  • ukl
  • zdweber
  • zchuber
  • taroeoes
  • takayser
  • taimsand
  • taegli
  • avoneuw
  • lm115986
  • mhofstet
  • bban
  • wlippert
  • wvo
  • faschwan
  • mbaumann
  • vgalliard
  • hwojnows
  • msteiner
  • ta-gast11
  • rstalder
  • liverbea
  • tamarkov
  • dkupfer
  • zamathys
  • elBaudin
  • elMuelle
  • dkupfer
projects/aai/lifecycle.txt · Last modified: 2019-07-12T10:51+0200 by bud