
Re: Not getting password expiry warnings on login



On Tuesday, 30 March 2010 19:50:15 Chris Jacobs wrote:
> I haven't had any success adding pwdChangedTime to accounts - and it seems
>  you've assisted others with that issue - with the result being "ya can't
>  do that".
> 
> http://www.openldap.org/lists/openldap-software/200706/msg00298.html
> 
> So, how do I add pwdChangedTime to accounts?

By updating userPassword, as covered in point (2) in my previous reply. See 
below.

> I'm being advised here to do so, but the only success I've had so far is
>  painful: delete the entry, and use slapadd.
> 
> Thanks,
> - chris
> 
> PS:
> Yes, I've read the man page for ldapmodify - I see mention of some 'general
>  extensions' flag - but it doesn't make sense to me. I've also seen mention
>  of a '-k' flag, but it's not an option with the version of ldapsearch
>  compiled with openldap 2.4.

I provide a more complete script below.

> -----Original Message-----
> From: Buchan Milne [mailto:bgmilne@staff.telkomsa.net]
> Sent: Tuesday, March 30, 2010 3:57 AM
> To: openldap-technical@openldap.org
> Cc: Chris Jacobs
> Subject: Re: Not getting password expiry warnings on login


> >  2) I'm probably going to need to scrub these accounts
> >  so that they're created correctly - likely through a slapcat - modify
> >  output - wipe db (or delete entry) - slapadd (replace slapcat/add with
> >  ldapmodify if that's your pref).
> 
> No, update userPassword. E.g., something which does more or less:
> 
> ldapsearch "(&(userPassword=*)(!(pwdChangedTime=*)))" userPassword|ldapmodify

ldapsearch -LLL "(&(userPassword=*)(!(pwdChangedTime=*)))" userPassword |
  perl -p0e 's/\n(userPassword:)/\nreplace: userPassword\n$1/g' |
  ldapmodify

Now, if you only have simple binds working, then you would need to do it this 
way:

# -r keeps backslashes in the DN and password intact
read -r -p 'Enter Root DN: ' ROOTDN
read -r -s -p 'Enter Root DN Password: ' ROOTPW

ldapsearch -x -D "$ROOTDN" -w "$ROOTPW" -LLL "(&(userPassword=*)(!(pwdChangedTime=*)))" userPassword |
  perl -p0e 's/\n(userPassword:)/\nreplace: userPassword\n$1/g' |
  ldapmodify -x -D "$ROOTDN" -w "$ROOTPW"


However, if you don't yet know how to use ldapmodify and ldapsearch, you 
really should try and learn ...

Regards,
Buchan
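
Added example (not part of the original message or thread): the LDIF rewrite that the perl one-liner above performs, written as a shell function with an explicit changetype: modify record per entry and handling for folded DN and base64 lines. The function name ldif_to_replace, the PWFILE variable and the sample entries are assumptions made up for illustration; the sample values are constructed, not real hashes.

```shell
#!/bin/sh
# Reads `ldapsearch -LLL ... userPassword` output on stdin and writes
# one explicit "replace: userPassword" modification per entry on stdout.
ldif_to_replace() {
  awk '
    # Close the modification record that is still open, if any.
    function finish() { if (pending) { print "-"; print ""; pending = 0 } }
    /^dn:/ { finish(); dn = $0; last = "dn"; next }
    /^userPassword:/ {
      if (!pending) {
        print dn
        print "changetype: modify"
        print "replace: userPassword"
        pending = 1
      }
      print; last = "pw"; next
    }
    # LDIF folds long values onto continuation lines that start with a space.
    /^ / {
      if (last == "dn") dn = dn "\n" $0
      else if (last == "pw") print
      next
    }
    { last = "" }
    END { finish() }
  '
}

# Constructed sample input in the shape ldapsearch -LLL prints.
SAMPLE_LDIF='dn: uid=alice,ou=People,dc=example,dc=com
userPassword:: Q09OU1RSVUNURURfU0FNUExFX1ZBTFVFX0ZJUlNUX0hBTEZfT0ZfQV9GT0xERUQ
 X1NFQ09ORF9IQUxG

dn: uid=bob,ou=People,dc=example,dc=com
userPassword:: Q09OU1RSVUNURURfQk9C
'

printf '%s' "$SAMPLE_LDIF" | ldif_to_replace

# Against a live directory, with the bind password read from a file (-y)
# so it does not appear in the process list, and -n for a dry run first:
#   ldapsearch -x -D "$ROOTDN" -y "$PWFILE" -LLL \
#     '(&(userPassword=*)(!(pwdChangedTime=*)))' userPassword |
#     ldif_to_replace | ldapmodify -n -x -D "$ROOTDN" -y "$PWFILE"
```

The file given to -y is used in full as the password, so it must not end with a newline.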