I had to poke around a lot to find this, so I figured I would share. Lifecycle rules are stored in LDAP under:
erobjectprofilename=THEPROFILETYPE,ou=serviceProfile,ou=itim,ou=YourOrg,YourSuffix
All of the rules are stored as values in the erlifecyclerule attribute.
So, for example, I created a Lifecycle rule for a POSIX Linux account, and that rule is stored as a valaue of the erlifecyclerule attribute of the object with DN:
erobjectprofilename=PosixLinuxAccount,ou-serviceProfile,ou=itim,ou-gulfsoft,DC=COM
That is a binary attribute, so the data is stored as a Base64-encoded value. To read it, you either need to use something like Apache Directory Studio (which lets you read it directly in the interface with a couple of clicks), or if you're using ldapsearch, you need to retrieve the data then use 'base64 -d' to decode it.
I can't currently find where the schedule is stored (I'm pretty certain it's in the ITIMDB database somewhere), but I'll keep looking for it.
No comments:
Post a Comment