Hi, I finally found where the password expiration data are located. If I do a database export from the GUI, I can see the entry: *** dn: cn="cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu",cn=nsPwPolicyContainer,ou=People,dc=cshl,dc=edu modifyTimestamp: 20051109200121Z modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoo t passwordMaxAge: 864000000 passwordWarning: 0 passwordMinAge: 0 passwordExp: on passwordGraceLimit: 0 objectClass: ldapsubentry objectClass: passwordpolicy objectClass: top cn: cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot createTimestamp: 20051109200121Z nsUniqueId: 97b5d182-1dd111b2-80f8db9c-cc6f0000 *** However, if I ldapsearch -b 'cn="cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu",cn=nsPwPolicyContainer,ou=People,dc=cshl,dc=edu' I'm not getting any subentries: *** # extended LDIF # # LDAPv3 # base <cn="cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu",cn=nsPwPolicyContainer,ou=People,dc=cshl,dc=edu> with scope sub # filter: (objectclass=*) # requesting: ALL # # search result search: 3 result: 0 Success *** I've tried connecting both as "cn=Manager" and "uid=admin". Is there a way to access these data programmatically using ldapsearch? Thanks, Simon -- Simon (Vsevolod ILyushchenko) simonf at cshl.edu http://www.simonf.com "Think like a man of action, act like a man of thought." Henri Bergson
