On 11/04/2016 03:31 AM, Todor Petkov wrote: > Hello Mark, > > for some reason I do not see expiration date for my user. What I did: > via the 389 GUI I set password expiration for my user. I did not > change the current password though > > Do I need to change the password after or it should start the count to > the reset date automatically? Hi Todor, This is a common misunderstanding. Turning on password policy's expiration time feature does not retroactively update user entries(how would it know when the password was last changed?). It can only take effect after changing a password. I know some admin's write scripts to expire everyone's passwords (setting passwordexpirationtime to an expired value). This forces everyone to change their passwords which then sets the correct passwordexpirationtime based off of the password policy. Regards, Mark > > Regards, > > > On Thu, Nov 3, 2016 at 2:21 PM, Mark Reynolds <mareynol@xxxxxxxxxx> wrote: >> Todor, >> >> All you need to do is request the passwordexpirationtime attribute from the >> user entry: >> >> For example: >> >> # ldapsearch -D "cn=directory manager" -W -b "dc=domain,dc=com" uid=USERID >> passwordexpirationtime >> >> Regards, >> Mark >> >> On 11/03/2016 03:10 AM, Todor Petkov wrote: >> >> Hello, >> >> I am trying to get the user password expiration date, so I can write a >> script to send warning email before this. I am running the following: >> ldapsearch -v -LLLx -h localhost -b >> 'cn="cn=nsPwPolicyEntry,uid=user,ou=People,dc=domain,dc=com",cn=nsPwPolicyContainer,ou=People,dc=domain,dc=com' >> "(objectclass=ldapsubentry)" >> >> But I don't see such attribute in the results. Can you give me a hint >> what's the ldap query? My versions are: >> >> 389-admin-console-1.1.8-1.el6.noarch >> 389-ds-1.2.2-1.el6.noarch >> 389-adminutil-1.1.19-1.el6.x86_64 >> 389-ds-base-libs-1.2.11.15-75.el6_8.x86_64 >> 389-ds-base-1.2.11.15-75.el6_8.x86_64 >> 389-ds-console-1.2.6-1.el6.noarch >> 389-admin-console-doc-1.1.8-1.el6.noarch >> 389-admin-1.1.35-1.el6.x86_64 >> 389-console-1.1.7-1.el6.noarch >> 389-ds-console-doc-1.2.6-1. >> el6.noarch >> 389-dsgw-1.1.11-1.el6.x86_64 >> >> >> Thanks in advance, >> _______________________________________________ >> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx >> To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx >> >> >> >> _______________________________________________ >> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx >> To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx >> > _______________________________________________ > 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx _______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
