[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Password Expriation Question
This issue seems not to be specific to OpenLDAP Software,
but specific to whatever software (nssldap/pamldap) you are
using for unix based account/password management. The
nssldap and pamldap list is at nssldap@padl.com and
pamldap@padl.com, respectively.
Kurt
At 02:46 AM 3/2/2004, Aaron M. Hirsch wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>All,
>
>I'm attempting to get password aging working properly with *nix based
>hosts and am not having much luck. Here is the output from an account
>I am testing with.
>
>ldapsearch -x -D "uid=ahirsch,ou=people,dc=cellnet,dc=com" -b
>"dc=cellnet,dc=com" "uid=tuser" -W
>Enter LDAP Password:
># extended LDIF
>#
># LDAPv3
># base <dc=cellnet,dc=com> with scope sub
># filter: uid=tuser
># requesting: ALL
>#
>
># tuser, office, projects, cellnet.com
>dn: uid=tuser,ou=office,ou=projects,dc=cellnet,dc=com
>uid: tuser
>cn: Test
>sn: User
>userPassword:: e2NyeXB0fUNzUTFMclhTY1VPaDI=
>loginShell: /bin/bash
>uidNumber: 999
>gidNumber: 3
>homeDirectory: /tmp
>shadowMin: 14
>shadowWarning: 14
>shadowInactive: 30
>shadowExpire: 12482
>shadowFlag: 0
>objectClass: top
>objectClass: person
>objectClass: posixAccount
>objectClass: shadowAccount
>
># search result
>search: 2
>result: 0 Success
>
># numResponses: 2
># numEntries: 1
>
>As you can see thre search returns shadowWarning and shadowExpire.
>Maybe I'm off on my epoch conversion, but think that I have the
>shadowExpire set for March 05, 2004. What I 'm wondering is why I'm
>not getting any notification that the password will be expiring in x
>number of days. To get my shadowExpire time I've used the following
>php algorithm:
>
>$now = time()/86400;
>$s_now = split("\.",$now);
>$c_now = "$s_now[0]";
>$p_expire = $c_now + 4;
>
>$now returns epoch time, with seconds, i.e. 12478.7402430556. $s_now
>splits $now, i.e. 12478. $c_now provides me with the first item in
>the array. $p_expire adds four to the total of $c_now, i.e. 12482
>
>Users have write access to userPassword and shadowExpire which is all
>I think they need.
>
>Anyone have any ideas of where I messed up?
>
>TIA!
>
>- --
>Aaron M. Hirsch
>Atos Origin - Cellnet
>11146 Thompson Ave.
>Lenexa, KS 66219
>Work:(913) 312-4717
>Fax:(913) 312-4701
>Mobile:(913) 284-9094
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.2.3 (GNU/Linux)
>Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
>iD8DBQFAQ3brgBD+XyMGAPwRAg5LAKCLeUEKWbVjiOwyR/G3JFzP1enx8gCdHz+K
>LYQ+Sm3UEt3PSG4p+9bfg5w=
>=qBBM
>-----END PGP SIGNATURE-----