Hi,

I just updated my password (from the Linux shell, using password, if
this matters), and it does not show in ldapsearch:

ldapsearch -D "cn=directory manager" -W -b "dc=domain,dc=com" uid=todor.petkov passwordexpirationtime

When I do ldapsearch for "cn=nsPwPolicyEntry" and
"cn=nsPwPolicyContainer" for my user, I see there is policy set.

Back to playing with the GUI :)

Thanks,

On Fri, Nov 4, 2016 at 3:20 PM, Mark Reynolds <mareynol@xxxxxxxxxx> wrote:
>
>
> On 11/04/2016 03:31 AM, Todor Petkov wrote:
>> Hello Mark,
>>
>> for some reason I do not see expiration date for my user. What I did:
>> via the 389 GUI I set password expiration for my user. I did not
>> change the current password though
>>
>> Do I need to change the password after or it should start the count to
>> the reset date automatically?
> Hi Todor,
>
> This is a common misunderstanding. Turning on password policy's
> expiration time feature does not retroactively update user entries (how
> would it know when the password was last changed?). It can only take
> effect after changing a password.
>
> I know some admins write scripts to expire everyone's passwords
> (setting passwordexpirationtime to an expired value). This forces
> everyone to change their passwords which then sets the correct
> passwordexpirationtime based off of the password policy.
>
> Regards,
> Mark
>>
>> Regards,
>>
>>
>> On Thu, Nov 3, 2016 at 2:21 PM, Mark Reynolds <mareynol@xxxxxxxxxx> wrote:
>>> Todor,
>>>
>>> All you need to do is request the passwordexpirationtime attribute from the
>>> user entry:
>>>
>>> For example:
>>>
>>> # ldapsearch -D "cn=directory manager" -W -b "dc=domain,dc=com" uid=USERID passwordexpirationtime
>>>
>>> Regards,
>>> Mark
>>>
>>> On 11/03/2016 03:10 AM, Todor Petkov wrote:
>>>
>>> Hello,
>>>
>>> I am trying to get the user password expiration date, so I can write a
>>> script to send warning email before this.
>>> I am running the following:
>>> ldapsearch -v -LLLx -h localhost -b
>>> 'cn="cn=nsPwPolicyEntry,uid=user,ou=People,dc=domain,dc=com",cn=nsPwPolicyContainer,ou=People,dc=domain,dc=com'
>>> "(objectclass=ldapsubentry)"
>>>
>>> But I don't see such attribute in the results. Can you give me a hint
>>> what's the ldap query? My versions are:
>>>
>>> 389-admin-console-1.1.8-1.el6.noarch
>>> 389-ds-1.2.2-1.el6.noarch
>>> 389-adminutil-1.1.19-1.el6.x86_64
>>> 389-ds-base-libs-1.2.11.15-75.el6_8.x86_64
>>> 389-ds-base-1.2.11.15-75.el6_8.x86_64
>>> 389-ds-console-1.2.6-1.el6.noarch
>>> 389-admin-console-doc-1.1.8-1.el6.noarch
>>> 389-admin-1.1.35-1.el6.x86_64
>>> 389-console-1.1.7-1.el6.noarch
>>> 389-ds-console-doc-1.2.6-1.el6.noarch
>>> 389-dsgw-1.1.11-1.el6.x86_64
>>>
>>>
>>> Thanks in advance,
>>> _______________________________________________
>>> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>>> To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx