Ulrich Windl wrote:
Quanah Gibson-Mount <quanah@zimbra.com> schrieb am 25.09.2014 um 18:30 inNachricht <9B8A217739A5294E4C5FADD4@[192.168.1.61]>:--On Thursday, September 25, 2014 2:27 PM +0200 Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> wrote:Hi! I'd like to query userPassword attributes that don't start with "{SSHA", but it seems substring match doesn't work there. An addition I'd like to find those users that didn't change their password since the user was created, i.e. modifyTimestamp=createTimestamp, but I think that's not possible in a search filter as the right of '=' is interpreted literally, right? Any ideas?(modifyTimeStamp<=createTimestamp) should do it?
No.
Since modifyTimestamp can never be less than createTimestamp, that will only return entries where they are equal.Hi! Isn't that equivalent to (modifyTimeStamp<="createTimestamp"), i.e. isn't createTimestamp interpreted literaly?
Yes.
Or does ldapsearch do some magic if it detects an LDAP attribute on the right side?
No.
Anyway, I tried it, but I get too many results, e.g. createTimestamp: 20140908062530Z modifyTimestamp: 20140908115510Z (Of course I know I could write some Perl to do the needed filtering, but it would be nice if the LDAP server could help...)
Write an extended matching rule to do what you want.
Regards, Ulrich
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/