Fwd: [Fedora-directory-users] Password Warnings
Legatus
lists at runyanrants.net
Fri Mar 7 18:08:45 UTC 2008
I did that. I know I have done that in the past. I see on one account the
passwordExpWarned, I don't see passwordExpirationTime. We need to be able to
give users warnings that the password will expire in N days. Am I looking
in the wrong place, or is there a setting I haven't set? I set up a policy
that is supposed to expire passwords, and warn users.
On Fri, Mar 7, 2008 at 11:17 AM, Rich Megginson <rmeggins at redhat.com> wrote:
> Legatus wrote:
> > I have tried with this search, and also using the userid that I am
> > requesting the information from. So "uid=me,ou=people,dc=mydc" to get
> > info on "uid=me,ou=people,dc=mydc"
> >
> > ldapsearch -x -b 'ou=people,dc=mydc' -s sub -D 'cn=directory manager'
> > -w <password> "objectclass=*" attrs="passwordExpWarned
> > passwordExpirationTime"
> Don't use attrs="..." Just specify them on the command line - ...
> "objectclass=*" passwordExpWarned passwordExpirationTime
> If you want all regular attributes plus the additional operational
> attributes, use "*" e.g.
> ldapsearch .... "objectclass=*" \* passwordExpWarned
> passwordExpirationTime
> ldapsearch --help
> ...
> usage: ldapsearch [options] [filter [attributes...]]
> where:
> filter RFC-2254 compliant LDAP search filter
> attributes whitespace-separated list of attribute descriptions
>
> Note that openldap has a special attribute called "+" but this is not
> supported by Fedora DS.
> >
> >
> > On Fri, Mar 7, 2008 at 9:39 AM, Rich Megginson <rmeggins at redhat.com
> > <mailto:rmeggins at redhat.com>> wrote:
> >
> > Legatus wrote:
> > > I am new to the list, and I apologize if this question has been
> > > answered before.
> > >
> > > I haven't done much programming for LDAP, though I have been
> > managing
> > > directories for years. I am working with some developers, who a)
> > > aren't very imaginative, b) not very clever, and c) lazy. So I
> need
> > > to know how to get at the password information that says a
> password
> > > has expired, is about to expire, et. al. I have tried to query
> > for the
> > > attributes using ldapsearch that seem to be what I want, like
> > > passwordexpirationtime, but I get nothing back.
> > Can you post your exact ldapsearch command line? Note that
> > passwordexpirationtime and other password attributes in user
> > entries are
> > operational attributes - this means they are not retrieved by
> default
> > with an LDAP search but must be explicitly listed in the list of
> > attributes to retrieve.
> > > They all figure I should know the magic incantation, since I
> > know how
> > > to make the directory work, and usually that would be the case.
> This
> > > time I am stuck. Anyone solved this problem. I am running FDS
> 1.0.2,
> > > and 1.0.4. I get the same result in both. Any help would be
> great.
> > >
> >
> ------------------------------------------------------------------------
> > >
> > > --
> > > Fedora-directory-users mailing list
> > > Fedora-directory-users at redhat.com
> > <mailto:Fedora-directory-users at redhat.com>
> > > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> > >
> >
> >
> > --
> > Fedora-directory-users mailing list
> > Fedora-directory-users at redhat.com
> > <mailto:Fedora-directory-users at redhat.com>
> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >
> >
> >
> > ------------------------------------------------------------------------
> >
> > --
> > Fedora-directory-users mailing list
> > Fedora-directory-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20080307/ac8c27c8/attachment.html>
More information about the 389-users
mailing list