In addition, ldapsubentry objects are hidden from normal searches. You must explicitly request objects of this type by adding the (objectclass=ldapsubentry) to your search filter e.g.
'(|(objectclass=*)(objectclass=ldapsubentry))' to get all regular entries and sub entries, or just '(objectclass=ldapsubentry)' to get only the sub entry objects. Vsevolod (Simon) Ilyushchenko wrote:
Hi,I finally found where the password expiration data are located. If I do a database export from the GUI, I can see the entry:***dn: cn="cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu",cn=nsPwPolicyContainer,ou=People,dc=cshl,dc=edumodifyTimestamp: 20051109200121ZmodifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot passwordMaxAge: 864000000 passwordWarning: 0 passwordMinAge: 0 passwordExp: on passwordGraceLimit: 0 objectClass: ldapsubentry objectClass: passwordpolicy objectClass: top cn: cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=educreatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperootcreateTimestamp: 20051109200121Z nsUniqueId: 97b5d182-1dd111b2-80f8db9c-cc6f0000 *** However, if I ldapsearch -b'cn="cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu",cn=nsPwPolicyContainer,ou=People,dc=cshl,dc=edu'I'm not getting any subentries: *** # extended LDIF # # LDAPv3# base <cn="cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu",cn=nsPwPolicyContainer,ou=People,dc=cshl,dc=edu> with scope sub# filter: (objectclass=*) # requesting: ALL # # search result search: 3 result: 0 Success *** I've tried connecting both as "cn=Manager" and "uid=admin". Is there a way to access these data programmatically using ldapsearch? Thanks, Simon
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
