I did that. I know I have done that in the past. I see on one account the passwordExpWarned, I don't see passwordExpirationTime. We need to be able to give users warnings that the password will expire in N days. Am I looking in the wrong place, or is there a setting I haven't set? I set up a policy that is supposed to expire passwords, and warn users. On Fri, Mar 7, 2008 at 11:17 AM, Rich Megginson <rmeggins at redhat.com> wrote: > Legatus wrote: > > I have tried with this search, and also using the userid that I am > > requesting the information from. So "uid=me,ou=people,dc=mydc" to get > > info on "uid=me,ou=people,dc=mydc" > > > > ldapsearch -x -b 'ou=people,dc=mydc' -s sub -D 'cn=directory manager' > > -w <password> "objectclass=*" attrs="passwordExpWarned > > passwordExpirationTime" > Don't use attrs="..." Just specify them on the command line - ... > "objectclass=*" passwordExpWarned passwordExpirationTime > If you want all regular attributes plus the additional operational > attributes, use "*" e.g. > ldapsearch .... "objectclass=*" \* passwordExpWarned > passwordExpirationTime > ldapsearch --help > ... > usage: ldapsearch [options] [filter [attributes...]] > where: > filter RFC-2254 compliant LDAP search filter > attributes whitespace-separated list of attribute descriptions > > Note that openldap has a special attribute called "+" but this is not > supported by Fedora DS. > > > > > > On Fri, Mar 7, 2008 at 9:39 AM, Rich Megginson <rmeggins at redhat.com > > <mailto:rmeggins at redhat.com>> wrote: > > > > Legatus wrote: > > > I am new to the list, and I apologize if this question has been > > > answered before. > > > > > > I haven't done much programming for LDAP, though I have been > > managing > > > directories for years. I am working with some developers, who a) > > > aren't very imaginative, b) not very clever, and c) lazy. So I > need > > > to know how to get at the password information that says a > password > > > has expired, is about to expire, et. al. I have tried to query > > for the > > > attributes using ldapsearch that seem to be what I want, like > > > passwordexpirationtime, but I get nothing back. > > Can you post your exact ldapsearch command line? Note that > > passwordexpirationtime and other password attributes in user > > entries are > > operational attributes - this means they are not retrieved by > default > > with an LDAP search but must be explicitly listed in the list of > > attributes to retrieve. > > > They all figure I should know the magic incantation, since I > > know how > > > to make the directory work, and usually that would be the case. > This > > > time I am stuck. Anyone solved this problem. I am running FDS > 1.0.2, > > > and 1.0.4. I get the same result in both. Any help would be > great. > > > > > > ------------------------------------------------------------------------ > > > > > > -- > > > Fedora-directory-users mailing list > > > Fedora-directory-users at redhat.com > > <mailto:Fedora-directory-users at redhat.com> > > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users at redhat.com > > <mailto:Fedora-directory-users at redhat.com> > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > > ------------------------------------------------------------------------ > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users at redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20080307/a21a2d30/attachment.html
