Re: Not getting password expiry warnings on login
On Tuesday, 30 March 2010 19:50:15 Chris Jacobs wrote:
> I haven't had any success adding pwdChangedTime to accounts - and it seems
> you've assisted others with that issue - with the result being "ya can't
> do that".
>
> http://www.openldap.org/lists/openldap-software/200706/msg00298.html
>
> So, how do I add pwdChangedTime to accounts?
By updating userPassword, as covered in point (2) in my previous reply. See
below.
> I'm being advised here to do so, but the only success I've had so far is
> painful: delete the entry, and use slapadd.
>
> Thanks,
> - chris
>
> PS:
> Yes, I've read the man page for ldapmodify - I see mention of some 'general
> extensions' flag - but it doesn't make sense to me. I've also seen mention
> of a '-k' flag, but it's not an option with the version of ldapsearch
> compiled with openldap 2.4.
I provide a more complete script below.
> -----Original Message-----
> From: Buchan Milne [mailto:bgmilne@staff.telkomsa.net]
> Sent: Tuesday, March 30, 2010 3:57 AM
> To: openldap-technical@openldap.org
> Cc: Chris Jacobs
> Subject: Re: Not getting password expiry warnings on login
> > 2) I'm probably going to need to scrub these accounts
> > so that they're created correctly - likely through a slapcat - modify
> > output - wipe db (or delete entry) - slapadd (replace slapcat/add with
> > ldapmodify if that's your pref).
>
> No, update userPassword. E.g., something which does more or less:
>
> ldapsearch "(&(userPassword=*)(!(pwdChangedTime=*)))" userPassword|ldapmodify

ldapsearch -LLL "(&(userPassword=*)(!(pwdChangedTime=*)))" userPassword |
  perl -p0e 's/\n(userPassword:)/\nreplace: userPassword\n$1/g' |
  ldapmodify

Now, if you only have simple binds working, then you would need to do it this
way:

read -p 'Enter Root DN: ' ROOTDN
read -s -p 'Enter Root DN Password: ' ROOTPW
ldapsearch -x -D "$ROOTDN" -w "$ROOTPW" -LLL \
  "(&(userPassword=*)(!(pwdChangedTime=*)))" userPassword |
  perl -p0e 's/\n(userPassword:)/\nreplace: userPassword\n$1/g' |
  ldapmodify -x -D "$ROOTDN" -w "$ROOTPW"

However, if you don't yet know how to use ldapmodify and ldapsearch, you
really should try and learn ...
Regards,
Buchan
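
The LDIF rewrite step of the pipeline above, as an added example that is not part of the original message: it runs offline on a constructed sample so the ldapmodify input can be reviewed before any entry is touched. It goes slightly beyond the perl one-liner by writing `changetype: modify` explicitly and grouping several userPassword values of one entry under a single replace; the function names, sample DNs and sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): dry run of the LDIF rewrite step.

# Constructed sample of `ldapsearch -LLL ... userPassword` output,
# including a folded (continued) base64 value and a multi-valued entry.
sample_ldif() {
cat <<'EOF'
dn: uid=alice,ou=People,dc=example,dc=com
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ
 tc2FtcGxl

dn: uid=bob,ou=People,dc=example,dc=com
userPassword: {SSHA}constructed1
userPassword: {SSHA}constructed2

EOF
}

# Read ldapsearch LDIF on stdin, write ldapmodify input on stdout.
# Each entry becomes one "replace: userPassword" operation that writes
# back the existing value(s) unchanged.
to_replace_ldif() {
    awk '
        function flush(   i) {
            if (dn != "" && n > 0) {
                print dn
                print "changetype: modify"
                print "replace: userPassword"
                for (i = 1; i <= n; i++) print val[i]
                print "-"
                print ""
            }
            dn = ""; n = 0; last = ""
        }
        /^$/ { flush(); next }              # blank line ends an entry
        /^ / {                              # folded continuation line
            if (last == "dn") dn = dn "\n" $0
            else if (last == "pw") val[n] = val[n] "\n" $0
            next
        }
        /^dn::?/           { dn = $0; last = "dn"; next }
        /^userPassword::?/ { val[++n] = $0; last = "pw"; next }
                           { last = "other" }   # ignore anything else
        END { flush() }
    '
}

# Dry run: print what would be fed to ldapmodify.
sample_ldif | to_replace_ldif
```

Once the output looks right, put the ldapsearch command from the message in place of `sample_ldif` and pipe the result into ldapmodify with the same bind options.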