On 01/21/2011 12:20 PM, Aaron Hagopian wrote: > Harry, > > This is the pattern I use to parse the date in java: > "yyyyMMddHHmmss'Z'". You can probably deduce what the values > represent by looking at the pattern. Also the times are stored in UTC > so you'll probably want to convert that to the local timezone if > you're going to display the date/time to the user. > > Aaron > > 2011/1/21 <harry.devine at faa.gov <mailto:harry.devine at faa.gov>> > > > I can get the passwordexpirationtime value, but I'm unsure what > you mean by "set the password expiration to occur immediately". > I'm coming from the Windows world, so I'm used to the "User must > change password at next logon" checkbox. I don't see that > anywhere on the GUI, so I'm unclear how you set that. > > Also, how do I manipulate the dates? I get something similar to > 20110122161029Z (for example) for passwordexpirationtime. How do > I convert that to a proper date format? > What programming language are you using? http://en.wikipedia.org/wiki/ISO_8601 - the format is used with no separators (e.g. 20110122 instead of 2011-01-22) and no "T" between the date and the time. > > Also, I just changed my account's password while testing, and I > see that passwordexpirationtime got reset to 19700101000000Z. > What does the 1970xxx value represent? > That is a special value meaning the password needs to be changed. > > > Thanks, > Harry > > Harry Devine > Common ARTS Software Development > AJT-144 > (609)485-4218 > Harry.Devine at faa.gov <mailto:Harry.Devine at faa.gov> > > > From: James Roman <james.roman at ssaihq.com > <mailto:james.roman at ssaihq.com>> > To: > 389-users at lists.fedoraproject.org > <mailto:389-users at lists.fedoraproject.org> > Date: 01/21/2011 10:17 AM > Subject: Re: Determine when a password is about to > expire > Sent by: 389-users-bounces at lists.fedoraproject.org > <mailto:389-users-bounces at lists.fedoraproject.org> > > > ------------------------------------------------------------------------ > > > > Most LDAP servers use a different schema than the Microsoft > version and work from the opposite direction. Try querying > "passwordexpirationtime". You can do a search for the specific > password schema with the following info: 2.16.840.1.113730.3.2.12 > passwordObject > > I think it is more common to: > 1. administratively set the password on a user account > 2. set the password expiration to occur immediately. > 3. set the passwordGraceUserTime for a time period that allows the > user to log in solely to change their password. > > However, you must explicitly program your site to gracefully > handle this situation (condition where passwordexpirationtime < > now < passwordGraceUserTime) , since the user's LDAP > authentication attempt against the directory will fail (with an > error indicating the password has expired). > > On 01/21/2011 09:45 AM, _harry.devine at faa.gov_ > <mailto:harry.devine at faa.gov>wrote: > > I am in the process of creating a web-based mechanism to allow our > users to change their password on our new 389-ds server. I would > like to display the date that their password is due to expire, and > while Googling around, I see a lot of references to pwdLastSet, > but about 95% of the articles are referring to Active Directory. > I don't see pwdLastSet amongst the attributes in my default > 389-ds setup. Is it there, or do I have to add that attribute to > every account? > > Also, I currently have my pages set up where, when the user logs > in, it detects our 'default' password and forces them to change > it. Is there some attribute in their account that I can set that > I can key off of and force them to change their password when they > login to my site? > > Thanks for any tips! > Harry > > Harry Devine > Common ARTS Software Development > AJT-144 > (609)485-4218_ > __Harry.Devine at faa.gov_ <mailto:Harry.Devine at faa.gov> > > > -- > 389 users mailing list > _389-users at lists.fedoraproject.org_ > <mailto:389-users at lists.fedoraproject.org> > _https://admin.fedoraproject.org/mailman/listinfo/389-users_ > -- > 389 users mailing list > 389-users at lists.fedoraproject.org > <mailto:389-users at lists.fedoraproject.org> > https://admin.fedoraproject.org/mailman/listinfo/389-users > > > -- > 389 users mailing list > 389-users at lists.fedoraproject.org > <mailto:389-users at lists.fedoraproject.org> > https://admin.fedoraproject.org/mailman/listinfo/389-users > > > > -- > 389 users mailing list > 389-users at lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20110121/57767751/attachment.html
