How to ldapsearch password expiration data?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Those attributes are operational, so you must explicitly ask for them on 
the ldapsearch command line e.g.
ldapsearch -b 
'cn="cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu",cn=nsPwPolicyContainer,ou=People,dc=cshl,dc=edu' 
passwordMaxAge passwordWarning passwordMinAge passwordExp passwordGraceLimit

In addition, ldapsubentry objects are hidden from normal searches.  You 
must explicitly request objects of this type by adding the 
(objectclass=ldapsubentry) to your search filter e.g.
'(|(objectclass=*)(objectclass=ldapsubentry))'
to get all regular entries and sub entries, or just
'(objectclass=ldapsubentry)'
to get only the sub entry objects.

Vsevolod (Simon) Ilyushchenko wrote:

> Hi,
>
> I finally found where the password expiration data are located. If I 
> do a database export from the GUI, I can see the entry:
>
> ***
> dn: 
> cn="cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu",cn=nsPwPolicyContainer,ou=People,dc=cshl,dc=edu 
>
> modifyTimestamp: 20051109200121Z
> modifiersName: 
> uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoo
>  t
> passwordMaxAge: 864000000
> passwordWarning: 0
> passwordMinAge: 0
> passwordExp: on
> passwordGraceLimit: 0
> objectClass: ldapsubentry
> objectClass: passwordpolicy
> objectClass: top
> cn: cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu
> creatorsName: 
> uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
> createTimestamp: 20051109200121Z
> nsUniqueId: 97b5d182-1dd111b2-80f8db9c-cc6f0000
> ***
>
> However, if I ldapsearch -b
> 'cn="cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu",cn=nsPwPolicyContainer,ou=People,dc=cshl,dc=edu' 
>
>
> I'm not getting any subentries:
>
> ***
> # extended LDIF
> #
> # LDAPv3
> # base 
> <cn="cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu",cn=nsPwPolicyContainer,ou=People,dc=cshl,dc=edu> 
> with scope sub
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # search result
> search: 3
> result: 0 Success
> ***
>
> I've tried connecting both as "cn=Manager" and "uid=admin".
>
> Is there a way to access these data programmatically using ldapsearch?
>
> Thanks,
> Simon
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3312 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20051109/a895c623/attachment.bin
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux