Re: Get user password expiration date


I'm also working on it right now and using Perl to do that, so I used the filter (objectclass=ntUser) and requested the passwordExpirationTime attribute like this:

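    # Net::LDAP-style search; $ldap (a bound connection) and $base are assumed, not from the original post
    my $mesg = $ldap->search(
        base   => $base,
        filter => "objectclass=ntUser",
        attrs  => ["entrydn", "mail", "passwordExpirationTime"],
    );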

In my case, I prefer rather than write attributes to a file.

Hope that helps in your case.




On Thu, Nov 3, 2016 at 6:44 AM, Predrag Zečević - Technical Support Analyst <predrag.zecevic@xxxxxxxxxxxxxx> wrote:
On 11/ 3/16 08:10 AM, Todor Petkov wrote:
Hello,

I am trying to get the user password expiration date, so I can write a
script to send warning email before this. I am running the following:
    ldapsearch -v -LLLx -h localhost \
      -b 'cn="cn=nsPwPolicyEntry,uid=user,ou=People,dc=domain,dc=com",cn=nsPwPolicyContainer,ou=People,dc=domain,dc=com' \
      "(objectclass=ldapsubentry)"

But I don't see such an attribute in the results. Can you give me a hint
what the LDAP query is? My versions are:

389-admin-console-1.1.8-1.el6.noarch
389-ds-1.2.2-1.el6.noarch
389-adminutil-1.1.19-1.el6.x86_64
389-ds-base-libs-1.2.11.15-75.el6_8.x86_64
389-ds-base-1.2.11.15-75.el6_8.x86_64
389-ds-console-1.2.6-1.el6.noarch
389-admin-console-doc-1.1.8-1.el6.noarch
389-admin-1.1.35-1.el6.x86_64
389-console-1.1.7-1.el6.noarch
389-ds-console-doc-1.2.6-1.el6.noarch
389-dsgw-1.1.11-1.el6.x86_64


Thanks in advance,
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org


Hi,

we are using something like:

$ ldapsearch -xLLL -D "cn=Directory Manager" -W -b "cn=nsPwPolicyContainer,ou=people,dc=my-domain,dc=com" "(&(objectClass=ldapsubentry)(objectClass=passwordPolicy)(cn=${givenName} ${sn}))"

to get password policy setup for user "cn=${givenName} ${sn}"  and check for values:

passwordInHistory: 5
passwordMinAge: 600
passwordChange: on
passwordUnlock: on
passwordLockoutDuration: 1800
passwordResetFailureCount: 600
passwordLockout: on
passwordMaxFailure: 10
passwordMaxRepeats: 0
passwordStorageScheme: ssha
passwordMaxAge: 7776000
passwordExp: on
passwordGraceLimit: 6
passwordMin8bit: 0
passwordMinAlphas: 0
passwordMinSpecials: 1
passwordMinDigits: 1
passwordMinLowers: 1
passwordMinUppers: 1
passwordMinTokenLength: 5
passwordMinCategories: 4
passwordMinLength: 8
passwordCheckSyntax: on
passwordMustChange: off


Password data is retrieved from LDAP backup ldif, created with command:

$ /usr/lib${ARCH}/dirsrv/slapd-${PADL}/db2ldif.pl -U -N -u -C -D 'cn=Directory Manager' -w - -n userRoot -a /tmp/LDAP_dump.ldif

e.g. searching for password data for "cn=${givenName} ${sn}" in output file /tmp/LDAP_dump.ldif

passwordExpWarned: 0
passwordExpirationTime: 20161214070525Z
passwordGraceUserTime: 0
passwordAllowChangeTime: 20160915071525Z
passwordHistory: 20160915070525Z{SSHA}HASH
passwordHistory: 20150927121604Z{SSHA}HASH
passwordHistory: 20151228130437Z{SSHA}HASH
passwordHistory: 20160324145753Z{SSHA}HASH
passwordHistory: 20160621103821Z{SSHA}HASH

Script parses output for user; determines e-mail address and if reminder has to be sent... (maybe there is better way to get that data, but this one works).

HTH

With best regards.
Predrag Zečević
--
Predrag Zečević
Technical Support Analyst
2e Systems GmbH

Telephone: +49 6196 9505 815, Facsimile: +49 6196 9505 894
Mobile:    +49 174 3109 288,     Skype: predrag.zecevic
E-mail:    predrag.zecevic@xxxxxxxxxxxxxx

Headquarter:          2e Systems GmbH, Königsteiner Str. 87,
                      65812 Bad Soden am Taunus, Germany
Company registration: Amtsgericht Königstein (Germany), HRB 7303
Managing director:    Phil Douglas

http://www.2e-systems.com/ - Making your business fly!
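
Added example (not part of the original thread, and not code from any of the posters): a Python version of the reminder step described above, reading mail and passwordExpirationTime from an LDIF dump and listing who is due a warning. The sample LDIF, the 14-day threshold and the function names are assumptions made for illustration.

```python
import base64
from datetime import datetime, timezone

WANTED = {"mail", "passwordexpirationtime"}  # never keep userPassword/passwordHistory
# Constructed sample in the shape of the dump above (users and addresses are made up).
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
mail: alice@example.com
passwordExpirationTime: 20161214070525Z
passwordHistory: 20160915070525Z{SSHA}HASH

dn: uid=bob,ou=People,dc=example,dc=com
mail:: Ym9iQGV4YW1wbGUuY29t
passwordExpirationTime: 2016110
 8120000Z

dn: uid=svc,ou=People,dc=example,dc=com
mail: svc@example.com
"""

def parse_entries(ldif_text):
    """Yield one dict per LDIF entry, keeping only the dn and WANTED attributes."""
    # RFC 2849: a line starting with one space continues the previous line.
    unfolded = ldif_text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            key = name.strip().lower()
            if key == "dn" or key in WANTED:
                entry.setdefault(key, value.strip())
        if "dn" in entry:
            yield entry

def due_for_warning(ldif_text, now, warn_days=14):
    """Return (mail, days_left) for entries expiring within warn_days, soonest first."""
    due = []
    for e in parse_entries(ldif_text):
        stamp = e.get("passwordexpirationtime")
        if not stamp or "mail" not in e:
            continue  # no expiry recorded, or nobody to notify
        expires = datetime.strptime(stamp, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
        days_left = (expires - now).days  # negative means already expired
        if days_left <= warn_days:
            due.append((e["mail"], days_left))
    return sorted(due, key=lambda item: item[1])
```

The dump also carries the userPassword and passwordHistory hashes, so keep the file readable only by the account that runs the script; the parser discards everything except dn, mail and passwordExpirationTime.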
