Hi, For future reference, I have to use the filter "(|(objectclass=ldapsubentry)(objectclass=passwordpolicy))", not just "(objectclass=ldapsubentry)". Simon Richard Megginson wrote on 11/09/2005 06:18 PM: > Those attributes are operational, so you must explicitly ask for them on > the ldapsearch command line e.g. > ldapsearch -b > 'cn="cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu",cn=nsPwPolicyContainer,ou=People,dc=cshl,dc=edu' > passwordMaxAge passwordWarning passwordMinAge passwordExp > passwordGraceLimit > > In addition, ldapsubentry objects are hidden from normal searches. You > must explicitly request objects of this type by adding the > (objectclass=ldapsubentry) to your search filter e.g. > '(|(objectclass=*)(objectclass=ldapsubentry))' > to get all regular entries and sub entries, or just > '(objectclass=ldapsubentry)' > to get only the sub entry objects. > > Vsevolod (Simon) Ilyushchenko wrote: > >> Hi, >> >> I finally found where the password expiration data are located. If I >> do a database export from the GUI, I can see the entry: >> >> *** >> dn: >> cn="cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu",cn=nsPwPolicyContainer,ou=People,dc=cshl,dc=edu >> >> modifyTimestamp: 20051109200121Z >> modifiersName: >> uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoo >> t >> passwordMaxAge: 864000000 >> passwordWarning: 0 >> passwordMinAge: 0 >> passwordExp: on >> passwordGraceLimit: 0 >> objectClass: ldapsubentry >> objectClass: passwordpolicy >> objectClass: top >> cn: cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu >> creatorsName: >> uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot >> createTimestamp: 20051109200121Z >> nsUniqueId: 97b5d182-1dd111b2-80f8db9c-cc6f0000 >> *** >> >> However, if I ldapsearch -b >> 'cn="cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu",cn=nsPwPolicyContainer,ou=People,dc=cshl,dc=edu' >> >> >> I'm not getting any subentries: >> >> *** >> # extended LDIF >> # >> # LDAPv3 >> # base >> <cn="cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu",cn=nsPwPolicyContainer,ou=People,dc=cshl,dc=edu> >> with scope sub >> # filter: (objectclass=*) >> # requesting: ALL >> # >> >> # search result >> search: 3 >> result: 0 Success >> *** >> >> I've tried connecting both as "cn=Manager" and "uid=admin". >> >> Is there a way to access these data programmatically using ldapsearch? >> >> Thanks, >> Simon >> > > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -- Simon (Vsevolod ILyushchenko) simonf at cshl.edu http://www.simonf.com "Think like a man of action, act like a man of thought." Henri Bergson
