Re: How to ldapsearch password expiration data?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

For future reference, I have to use the filter
"(|(objectclass=ldapsubentry)(objectclass=passwordpolicy))",
not just "(objectclass=ldapsubentry)".

Simon

Richard Megginson wrote on 11/09/2005 06:18 PM:
Those attributes are operational, so you must explicitly ask for them on the ldapsearch command line e.g. ldapsearch -b 'cn="cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu",cn=nsPwPolicyContainer,ou=People,dc=cshl,dc=edu' passwordMaxAge passwordWarning passwordMinAge passwordExp passwordGraceLimit
In addition, ldapsubentry objects are hidden from normal searches. You must explicitly request objects of this type by adding the (objectclass=ldapsubentry) to your search filter e.g. 
'(|(objectclass=*)(objectclass=ldapsubentry))'
to get all regular entries and sub entries, or just
'(objectclass=ldapsubentry)'
to get only the sub entry objects.

Vsevolod (Simon) Ilyushchenko wrote:


Hi,
I finally found where the password expiration data are located. If I do a database export from the GUI, I can see the entry: 

***
dn: cn="cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu",cn=nsPwPolicyContainer,ou=People,dc=cshl,dc=edu 
modifyTimestamp: 20051109200121Z
modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoo 
 t
passwordMaxAge: 864000000
passwordWarning: 0
passwordMinAge: 0
passwordExp: on
passwordGraceLimit: 0
objectClass: ldapsubentry
objectClass: passwordpolicy
objectClass: top
cn: cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu
creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot 
createTimestamp: 20051109200121Z
nsUniqueId: 97b5d182-1dd111b2-80f8db9c-cc6f0000
***

However, if I ldapsearch -b
'cn="cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu",cn=nsPwPolicyContainer,ou=People,dc=cshl,dc=edu' 

I'm not getting any subentries:

***
# extended LDIF
#
# LDAPv3
# base <cn="cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu",cn=nsPwPolicyContainer,ou=People,dc=cshl,dc=edu> with scope sub 
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 3
result: 0 Success
***

I've tried connecting both as "cn=Manager" and "uid=admin".

Is there a way to access these data programmatically using ldapsearch?

Thanks,
Simon



------------------------------------------------------------------------

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users


--

Simon (Vsevolod ILyushchenko)   simonf@xxxxxxxx
				http://www.simonf.com

"Think like a man of action, act like a man of thought."

		         Henri Bergson

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux