[Fedora-directory-users] How to ldapsearch password expiration data?

Vsevolod (Simon) Ilyushchenko simonf at cshl.edu
Tue Dec 6 18:31:35 UTC 2005


Hi,

For future reference, I have to use the filter
"(|(objectclass=ldapsubentry)(objectclass=passwordpolicy))",
not just "(objectclass=ldapsubentry)".

Simon

Richard Megginson wrote on 11/09/2005 06:18 PM:
> Those attributes are operational, so you must explicitly ask for them on 
> the ldapsearch command line e.g.
> ldapsearch -b 'cn="cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu",cn=nsPwPolicyContainer,ou=People,dc=cshl,dc=edu' passwordMaxAge passwordWarning passwordMinAge passwordExp passwordGraceLimit
> 
> In addition, ldapsubentry objects are hidden from normal searches.  You 
> must explicitly request objects of this type by adding the 
> (objectclass=ldapsubentry) to your search filter e.g.
> '(|(objectclass=*)(objectclass=ldapsubentry))'
> to get all regular entries and sub entries, or just
> '(objectclass=ldapsubentry)'
> to get only the sub entry objects.
> 
> Vsevolod (Simon) Ilyushchenko wrote:
> 
>> Hi,
>>
>> I finally found where the password expiration data are located. If I 
>> do a database export from the GUI, I can see the entry:
>>
>> ***
>> dn: cn="cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu",cn=nsPwPolicyContainer,ou=People,dc=cshl,dc=edu
>> modifyTimestamp: 20051109200121Z
>> modifiersName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
>> passwordMaxAge: 864000000
>> passwordWarning: 0
>> passwordMinAge: 0
>> passwordExp: on
>> passwordGraceLimit: 0
>> objectClass: ldapsubentry
>> objectClass: passwordpolicy
>> objectClass: top
>> cn: cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu
>> creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
>> createTimestamp: 20051109200121Z
>> nsUniqueId: 97b5d182-1dd111b2-80f8db9c-cc6f0000
>> ***
>>
>> However, if I ldapsearch -b
>> 'cn="cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu",cn=nsPwPolicyContainer,ou=People,dc=cshl,dc=edu'
>>
>> I'm not getting any subentries:
>>
>> ***
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <cn="cn=nsPwPolicyEntry,uid=ilyush,ou=People,dc=cshl,dc=edu",cn=nsPwPolicyContainer,ou=People,dc=cshl,dc=edu> with scope sub
>> # filter: (objectclass=*)
>> # requesting: ALL
>> #
>>
>> # search result
>> search: 3
>> result: 0 Success
>> ***
>>
>> I've tried connecting both as "cn=Manager" and "uid=admin".
>>
>> Is there a way to access these data programmatically using ldapsearch?
>>
>> Thanks,
>> Simon
>>
> 

-- 

Simon (Vsevolod ILyushchenko)   simonf at cshl.edu
				http://www.simonf.com

"Think like a man of action, act like a man of thought."

		         Henri Bergson
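
Added example, not part of the original thread: a small shell wrapper that combines the two points above (the subentry filter from the follow-up and the explicitly named operational attributes from the quoted reply) into one query. It assumes the OpenLDAP `ldapsearch` client; the function names, host and bind DN are hypothetical.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not from the thread.

# Filter from the follow-up message; a plain (objectclass=*) hides subentries.
PWPOLICY_FILTER='(|(objectclass=ldapsubentry)(objectclass=passwordpolicy))'

# Operational attributes must be requested by name (from the quoted reply).
PWPOLICY_ATTRS='passwordMaxAge passwordWarning passwordMinAge passwordExp passwordGraceLimit'

# Build the DN of a user's policy subentry in the layout shown in the export:
#   cn="cn=nsPwPolicyEntry,<user DN>",cn=nsPwPolicyContainer,<parent of user DN>
# Assumption: the user's first RDN contains no escaped comma.
pwpolicy_dn() {
    user_dn=$1
    parent_dn=${user_dn#*,}
    printf 'cn="cn=nsPwPolicyEntry,%s",cn=nsPwPolicyContainer,%s\n' \
        "$user_dn" "$parent_dn"
}

# passwordMaxAge is stored in seconds; report whole days for readability.
secs_to_days() {
    echo $(( $1 / 86400 ))
}

# Query one user's policy subentry. Extra arguments (-H, -D, -W, ...) are
# passed through to ldapsearch unchanged.
pwpolicy_search() {
    user_dn=$1
    shift
    # $PWPOLICY_ATTRS is left unquoted on purpose so each name is one argument.
    ldapsearch -x -LLL "$@" -b "$(pwpolicy_dn "$user_dn")" \
        "$PWPOLICY_FILTER" $PWPOLICY_ATTRS
}

# Usage (constructed host and bind DN):
#   pwpolicy_search 'uid=ilyush,ou=People,dc=cshl,dc=edu' \
#       -H ldap://ldap.example.org -D 'cn=Directory Manager' -W
```

For the entry in the export, `secs_to_days 864000000` gives 10000 days.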