Re: [389-users] ldapsearch to get users with expired password

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 02/28/2011 07:08 AM, Juan Asensio Sánchez wrote:
Is there any way to obtain the users with expired/expiring password?

Hi have activated the password policy, making the password expire
after X days, and warn them after X-10 days. Now, I want to create a
cron job to send an email to users warning them about its password
expiration. I know I can get that information about the user is
binding, but not for the users obtained from a search.

Filters are your friend.

To select passwords that have expired since midnight, you would use the following filter (using today's date Feb 28 2011):
"(passwordexpirationtime<=20110228000000Z)"

To select users with passwords expiring in the next 10 days (passwords expire between today at midnight AND Mar. 10 at midnight):
"(&(passwordexpirationtime<=20110228000000Z)(passwordexpirationtime>=20110310000000Z))"

You may need to add additional filter terms as well. The script that we use also filters out (excludes) inactive accounts (since we don't delete accounts from our directory.) Inactivated accounts in our directory all belong to a single group (and we have the group memberof plugin enabled):
"(&(&(passwordexpirationtime<=20110228000000Z)(passwordexpirationtime>=20110310000000Z)(! (memberOf=cn=inactivated,cn=account inactivation,cn=accounts,dc=domain,dc=com))))"

Depending on how your directory is designed, it might make more sense to eliminate users with the nsaccountlock attribute set to true:
"(&(&(passwordexpirationtime<=20110228000000Z)(passwordexpirationtime>=20110310000000Z)(! (nsaccountlock=true))))"
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux