Rich,
Thanks - I can see them now.
However, now I have questions about the semantics of password
expiration. The NIS+ tables store the account (not password) expiration
date as the absolute day number (from year 0). I'm trying to replicate
these data in FDS.
1. First of all, I'm not sure that the password expiration feature does
the same thing. When the password expires, will the user be prompted to
change it or will he be locked out?
2. Second, I can't even test it, because I can't seem to force an
expiration. The passwordMaxAge attribute is the number of days after
which the password will expire. Well, it's the number of days *since
when*? Since today? How is it updated then as the time goes by? Or since
the first logon? Where is it stored then?
I am truly missing something. The admin guide does not make it clear.
Thanks,
Simon
Richard Megginson wrote on 11/09/2005 06:18 PM:
Those attributes are operational, so you must explicitly ask for them on
the ldapsearch command line e.g.
ldapsearch -b
'cn="cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu",cn=nsPwPolicyContainer,ou=People,dc=cshl,dc=edu'
passwordMaxAge passwordWarning passwordMinAge passwordExp
passwordGraceLimit
In addition, ldapsubentry objects are hidden from normal searches. You
must explicitly request objects of this type by adding the
(objectclass=ldapsubentry) to your search filter e.g.
'(|(objectclass=*)(objectclass=ldapsubentry))'
to get all regular entries and sub entries, or just
'(objectclass=ldapsubentry)'
to get only the sub entry objects.
--
Simon (Vsevolod ILyushchenko) simonf@xxxxxxxx
http://www.simonf.com
"Think like a man of action, act like a man of thought."
Henri Bergson
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
