Re: Fwd: Password Warnings

Legatus <lists@xxxxxxxxxxxxxxx> · Fri, 7 Mar 2008 12:08:45 -0600

I did that. I know I have done that in the past.  I see on one account
the passwordExpWarned, I don't see passwordExpirationTime. We need to
be able to give users warnings that the password will expire in N
days.  Am I looking in the wrong place, or is there a setting I haven't
set? I set up a policy that is supposed to expire passwords, and warn
users.

On Fri, Mar 7, 2008 at 11:17 AM, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:

Legatus wrote:

> I have tried with this search, and also using the userid that I am

> requesting the information  from. So "uid=me,ou=people,dc=mydc" to get

> info on "uid=me,ou=people,dc=mydc"

>

> ldapsearch -x -b 'ou=people,dc=mydc' -s sub -D 'cn=directory manager'

> -w <password> "objectclass=*" attrs="passwordExpWarned

> passwordExpirationTime"

Don't use attrs="..." Just specify them on the command line - ...

"objectclass=*" passwordExpWarned passwordExpirationTime

If you want all regular attributes plus the additional operational

attributes, use "*" e.g.

ldapsearch .... "objectclass=*" \* passwordExpWarned passwordExpirationTime

ldapsearch --help

...

usage: ldapsearch [options] [filter [attributes...]]

where:

  filter        RFC-2254 compliant LDAP search filter

  attributes    whitespace-separated list of attribute descriptions

Note that openldap has a special attribute called "+" but this is not

supported by Fedora DS.

>

>

> On Fri, Mar 7, 2008 at 9:39 AM, Rich Megginson <rmeggins@xxxxxxxxxx

> <mailto:rmeggins@xxxxxxxxxx>> wrote:

>

>     Legatus wrote:

>     > I am new to the list, and I apologize if this question has been

>     > answered before.

>     >

>     > I haven't done much programming for LDAP, though I have been

>     managing

>     > directories for years. I am working with some developers, who a)

>     > aren't very imaginative, b) not very clever, and c) lazy.  So I need

>     > to know how to get at the password information that says a password

>     > has expired, is about to expire, et. al. I have tried to query

>     for the

>     > attributes using ldapsearch that seem to be what I want, like

>     > passwordexpirationtime, but I get nothing back.

>     Can you post your exact ldapsearch command line?  Note that

>     passwordexpirationtime and other password attributes in user

>     entries are

>     operational attributes - this means they are not retrieved by default

>     with an LDAP search but must be explicitly listed in the list of

>     attributes to retrieve.

>     > They all figure I should know the magic incantation, since I

>     know how

>     > to make the directory work, and usually that would be the case. This

>     > time I am stuck. Anyone solved this problem. I am running FDS 1.0.2,

>     > and 1.0.4. I get the same result in both.  Any help would be great.

>     >

>     ------------------------------------------------------------------------

>     >

>     > --

>     > Fedora-directory-users mailing list

>     > Fedora-directory-users@xxxxxxxxxx

>     <mailto:Fedora-directory-users@xxxxxxxxxx>

>     > https://www.redhat.com/mailman/listinfo/fedora-directory-users

>     >

>

>

>     --

>     Fedora-directory-users mailing list

>     Fedora-directory-users@xxxxxxxxxx

>     <mailto:Fedora-directory-users@xxxxxxxxxx>

>     https://www.redhat.com/mailman/listinfo/fedora-directory-users

>

>

>

> ------------------------------------------------------------------------

>

> --

> Fedora-directory-users mailing list

> Fedora-directory-users@xxxxxxxxxx

> https://www.redhat.com/mailman/listinfo/fedora-directory-users

>

--

Fedora-directory-users mailing list

Fedora-directory-users@xxxxxxxxxx

https://www.redhat.com/mailman/listinfo/fedora-directory-users

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users