On 01/21/2011 12:20 PM, Aaron Hagopian wrote:
Harry,
This is the pattern I use to parse the date in java:
"yyyyMMddHHmmss'Z'". You can probably deduce what the values
represent by looking at the pattern. Also the times are stored
in UTC so you'll probably want to convert that to the local
timezone if you're going to display the date/time to the user.
Aaron
2011/1/21 <harry.devine@xxxxxxx>
I can get the
passwordexpirationtime
value, but I'm unsure what you mean by "set the password
expiration
to occur immediately". I'm coming from the Windows world,
so
I'm used to the "User must change password at next logon"
checkbox.
I don't see that anywhere on the GUI, so I'm unclear how
you set
that.
Also, how do I manipulate
the dates?
I get something similar to 20110122161029Z (for example)
for passwordexpirationtime.
How do I convert that to a proper date format?
What programming language are you using?
http://en.wikipedia.org/wiki/ISO_8601 - the format is used with no
separators (e.g. 20110122 instead of 2011-01-22) and no "T" between
the date and the time.
Also, I
just
changed my account's password while testing, and I see
that passwordexpirationtime
got reset to 19700101000000Z. What does the 1970xxx value
represent?
That is a special value meaning the password needs to be changed.
Thanks,
Most LDAP servers use a different schema
than the Microsoft
version and work from the opposite direction. Try
querying "passwordexpirationtime".
You can do a search for the specific password schema
with the following
info: 2.16.840.1.113730.3.2.12 passwordObject
I think it is more common to:
1. administratively set the password on a user account
2. set the password expiration to occur immediately.
3. set the passwordGraceUserTime for a time period
that allows the user
to log in solely to change their password.
However, you must explicitly program your site to
gracefully handle this
situation (condition where passwordexpirationtime <
now < passwordGraceUserTime)
, since the user's LDAP authentication attempt against
the directory will
fail (with an error indicating the password has
expired).
On 01/21/2011 09:45 AM, harry.devine@xxxxxxx
wrote:
I am in the process of creating a web-based mechanism
to allow our users
to change their password on our new 389-ds server. I
would like to
display the date that their password is due to expire,
and while Googling
around, I see a lot of references to pwdLastSet, but
about 95% of the articles
are referring to Active Directory. I don't see
pwdLastSet amongst
the attributes in my default 389-ds setup. Is it
there, or do I have
to add that attribute to every account?
Also, I currently have my pages set up where, when the
user logs in, it
detects our 'default' password and forces them to
change it. Is there
some attribute in their account that I can set that I
can key off of and
force them to change their password when they login to
my site?
Thanks for any tips!
Harry
Harry Devine
Common ARTS Software Development
AJT-144
(609)485-4218
Harry.Devine@xxxxxxx
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
|
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
