ldapsearch to get users with expired password
Hi
Is there any way to obtain the users with expired/expiring password? Hi have activated the password policy, making the password expire after X days, and warn them after X-10 days. Now, I want to create a cron job to send an email to users warning them about its password expiration. I know I can get that information about the user is binding, but not for the users obtained from a search. Thanks in advance. -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users Mon Feb 28 13:30:02 2011 Return-path: <bounce-debian-user=tom=linux-archive.org@lists.debian.org> Envelope-to: tom@linux-archive.org Delivery-date: Mon, 28 Feb 2011 12:58:29 +0200 Received: from liszt.debian.org ([82.195.75.100]:45813) by s2.java-tips.org with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <bounce-debian-user=tom=linux-archive.org@lists.debian.org>) id 1Pu0o9-0007MN-2q for tom@linux-archive.org; Mon, 28 Feb 2011 12:58:29 +0200 Received: from localhost (localhost [127.0.0.1]) by liszt.debian.org (Postfix) with QMQP id 3649F13A5597; Mon, 28 Feb 2011 12:09:35 +0000 (UTC) Old-Return-Path: <mdonada@auroraalimentos.com.br> X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on liszt.debian.org X-Spam-Level: X-Spam-Status: No, score=-9.9 required=4.0 tests=HTML_MESSAGE,LDOSUBSCRIBER, LDO_WHITELIST autolearn=failed version=3.2.5 X-Original-To: lists-debian-user@liszt.debian.org Delivered-To: lists-debian-user@liszt.debian.org Received: from localhost (localhost [127.0.0.1]) by liszt.debian.org (Postfix) with ESMTP id 89A0513A5565 for <lists-debian-user@liszt.debian.org>; Mon, 28 Feb 2011 12:09:28 +0000 (UTC) X-Virus-Scanned: at lists.debian.org with policy bank en-ht X-Amavis-Spam-Status: No, score=-6 tagged_above=-10000 required=5.3 tests=[BAYES_00=-2, HTML_MESSAGE=1, LDO_WHITELIST=-5] autolearn=no Received: from liszt.debian.org ([127.0.0.1]) by localhost (lists.debian.org [127.0.0.1]) (amavisd-new, port 2525) with ESMTP id 7+0LvUqzffI7 for <lists-debian-user@liszt.debian.org>; Mon, 28 Feb 2011 12:09:21 +0000 (UTC) X-policyd-weight: using cached result; rate: -6.1 X-Greylist: delayed 626 seconds by postgrey-1.31 at liszt; Mon, 28 Feb 2011 12:09:21 UTC Received: from auroraalimentos.com.br (mx.auroraalimentos.com.br [200.228.43.6]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by liszt.debian.org (Postfix) with ESMTPS id 3BD5413A5543 for <debian-user@lists.debian.org>; Mon, 28 Feb 2011 12:09:15 +0000 (UTC) Received: from localhost (localhost.localdomain [127.0.0.1]) by auroraalimentos.com.br (Postfix) with ESMTP id D72FDFD40CD for <debian-user@lists.debian.org>; Mon, 28 Feb 2011 08:58:41 -0300 (BRT) Received: from auroraalimentos.com.br ([127.0.0.1]) by localhost (mx.auroraalimentos.com.br [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fFqj+uR9LV6z for <debian-user@lists.debian.org>; Mon, 28 Feb 2011 08:58:41 -0300 (BRT) Received: from [127.0.0.1] (unknown [121.1.16.22]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by auroraalimentos.com.br (Postfix) with ESMTP id 79C50FD408B for <debian-user@lists.debian.org>; Mon, 28 Feb 2011 08:58:41 -0300 (BRT) Message-ID: <4D6B8DE6.9020309@auroraalimentos.com.br> Date: Mon, 28 Feb 2011 08:58:30 -0300 From: =?ISO-8859-1?Q?M=E1rcio_Luciano_Donada?= <mdonada@auroraalimentos.com.br> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.9.2.13) Gecko/20101207 Lightning/1.0b2 Thunderbird/3.1.7 MIME-Version: 1.0 To: debian-user@lists.debian.org Subject: Migrate debian etch to virtual machine (vmware) Content-Type: multipart/alternative; boundary="------------020208010404000705040700" X-Rc-Virus: 2007-09-13_01 X-Rc-Spam: 2008-11-04_01 Resent-Message-ID: <R1XoJMo2mpD.A.dbD._B5aNB@liszt> Resent-From: debian-user@lists.debian.org X-Mailing-List: <debian-user@lists.debian.org> archive/latest/597590 X-Loop: debian-user@lists.debian.org List-Id: <debian-user.lists.debian.org> List-Post: <mailto:debian-user@lists.debian.org> List-Help: <mailto:debian-user-request@lists.debian.org?subject=help> List-Subscribe: <mailto:debian-user-request@lists.debian.org?subject=subscribe> List-Unsubscribe: <mailto:debian-user-request@lists.debian.org?subject=unsubscribe> Precedence: list Resent-Sender: debian-user-request@lists.debian.org Resent-Date: Mon, 28 Feb 2011 12:09:35 +0000 (UTC) This is a multi-part message in MIME format. --------------020208010404000705040700 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Hi People Physically I'm running a debian server 4 for the e-mail, but I'm having problems to use the tool to perform VM virtualization. I wonder if there is another way to virtualize this machine, do some kind of backup so you can import it in vmware. Does anyone have any tips that might help? --=20 M=E1rcio Luciano Donada Aurora Alimentos - T.I. Matriz Coop. Central Oeste Catarinense --------------020208010404000705040700 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1"> </head> <body bgcolor="#ffffff" text="#000000"> <span id="result_box" class="long_text"><span style="background-color: rgb(255, 255, 255);" title="Estou rodando fisicamente um servidor debian 4, para serviço de e-mail, porém, estou tento problemas para utilizar a ferramenta da VM para realizar a virtualização.">Hi People<br> Physically I'm running a debian server 4 for the e-mail, but I'm having problems to use the tool to perform VM virtualization. </span><span style="background-color: rgb(255, 255, 255);" title="Gostaria de saber se existe outra forma de virtualiza essa máquina, realizar algum tipo de backup para que possa importar a mesma no vmware.">I wonder if there is another way to virtualize this machine, do some kind of backup so you can import it in vmware. </span><span style="background-color: rgb(255, 255, 255);" title="Alguém tem alguma dica que possa auxiliar?">Does anyone have any tips that might help?</span></span> <pre class="moz-signature" cols="72">-- Márcio Luciano Donada Aurora Alimentos - T.I. Matriz Coop. Central Oeste Catarinense </pre> </body> </html> --------------020208010404000705040700-- -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: http://lists.debian.org/4D6B8DE6.9020309@auroraalimentos.com.br |
ldapsearch to get users with expired password
On 02/28/2011 07:08 AM, Juan Asensio Sánchez wrote:
Is there any way to obtain the users with expired/expiring password? Hi have activated the password policy, making the password expire after X days, and warn them after X-10 days. Now, I want to create a cron job to send an email to users warning them about its password expiration. I know I can get that information about the user is binding, but not for the users obtained from a search. Filters are your friend. To select passwords that have expired since midnight, you would use the following filter (using today's date Feb 28 2011): "(passwordexpirationtime<=20110228000000Z)" To select users with passwords expiring in the next 10 days (passwords expire between today at midnight AND Mar. 10 at midnight): "(&(passwordexpirationtime<=20110228000000Z)(passw ordexpirationtime>=20110310000000Z))" You may need to add additional filter terms as well. The script that we use also filters out (excludes) inactive accounts (since we don't delete accounts from our directory.) Inactivated accounts in our directory all belong to a single group (and we have the group memberof plugin enabled): "(&(&(passwordexpirationtime<=20110228000000Z)(pas swordexpirationtime>=20110310000000Z)(! (memberOf=cn=inactivated,cn=account inactivation,cn=accounts,dc=domain,dc=com))))" Depending on how your directory is designed, it might make more sense to eliminate users with the nsaccountlock attribute set to true: "(&(&(passwordexpirationtime<=20110228000000Z)(pas swordexpirationtime>=20110310000000Z)(! (nsaccountlock=true))))" -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users |
ldapsearch to get users with expired password
Hi
Thanks for the answer, but my users don't have the attribute passwordexpirationtime, because this attribute is not generated until the user login after the activation of the account/password policies. Reading, I have seen that when a user binds to the server, the server returns some controls indicating the expiring/expired password, if in case. But I can not bind with the user as I don't have it's password, so I can not get the controls that would return a bind with its user. Could I simulate this using a proxy auth, ie, binding as Directory Manager, but simulating a login of the user? Would this need some special ACI? I am a bit lost... Thanks in advance. 2011/2/28 James Roman <james.roman@ssaihq.com>: > On 02/28/2011 07:08 AM, Juan Asensio Sánchez wrote: > > Is there any way to obtain the users with expired/expiring password? > > Hi have activated the password policy, making the password expire > after X days, and warn them after X-10 days. Now, I want to create a > cron job to send an email to users warning them about its password > expiration. I know I can get that information about the user is > binding, but not for the users obtained from a search. > > Filters are your friend. > > To select passwords that have expired since midnight, you would use the > following filter (using today's date Feb 28 2011): > "(passwordexpirationtime<=20110228000000Z)" > > To select users with passwords expiring in the next 10 days (passwords > expire between today at midnight AND Mar. 10 at midnight): > "(&(passwordexpirationtime<=20110228000000Z)(passw ordexpirationtime>=20110310000000Z))" > > You may need to add additional filter terms as well. The script that we use > also filters out (excludes) inactive accounts (since we don't delete > accounts from our directory.) Inactivated accounts in our directory all > belong to a single group (and we have the group memberof plugin enabled): > "(&(&(passwordexpirationtime<=20110228000000Z)(pas swordexpirationtime>=20110310000000Z)(! > (memberOf=cn=inactivated,cn=account > inactivation,cn=accounts,dc=domain,dc=com))))" > > Depending on how your directory is designed, it might make more sense to > eliminate users with the nsaccountlock attribute set to true: > "(&(&(passwordexpirationtime<=20110228000000Z)(pas swordexpirationtime>=20110310000000Z)(! > (nsaccountlock=true))))" > > -- > 389 users mailing list > 389-users@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users > -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users |
ldapsearch to get users with expired password
On 03/16/2011 06:45 AM, Juan Asensio Sánchez wrote:
> Hi > > Thanks for the answer, but my users don't have the attribute > passwordexpirationtime, because this attribute is not generated until > the user login after the activation of the account/password policies. > > Reading, I have seen that when a user binds to the server, the server > returns some controls indicating the expiring/expired password, if in > case. But I can not bind with the user as I don't have it's password, > so I can not get the controls that would return a bind with its user. > Could I simulate this using a proxy auth, ie, binding as Directory > Manager, but simulating a login of the user? Would this need some > special ACI? I am a bit lost... I suppose you could use createTimestamp if passwordexpirationtime is not present. > Thanks in advance. > > 2011/2/28 James Roman<james.roman@ssaihq.com>: >> On 02/28/2011 07:08 AM, Juan Asensio Sánchez wrote: >> >> Is there any way to obtain the users with expired/expiring password? >> >> Hi have activated the password policy, making the password expire >> after X days, and warn them after X-10 days. Now, I want to create a >> cron job to send an email to users warning them about its password >> expiration. I know I can get that information about the user is >> binding, but not for the users obtained from a search. >> >> Filters are your friend. >> >> To select passwords that have expired since midnight, you would use the >> following filter (using today's date Feb 28 2011): >> "(passwordexpirationtime<=20110228000000Z)" >> >> To select users with passwords expiring in the next 10 days (passwords >> expire between today at midnight AND Mar. 10 at midnight): >> "(&(passwordexpirationtime<=20110228000000Z)(passw ordexpirationtime>=20110310000000Z))" >> >> You may need to add additional filter terms as well. The script that we use >> also filters out (excludes) inactive accounts (since we don't delete >> accounts from our directory.) Inactivated accounts in our directory all >> belong to a single group (and we have the group memberof plugin enabled): >> "(&(&(passwordexpirationtime<=20110228000000Z)(pas swordexpirationtime>=20110310000000Z)(! >> (memberOf=cn=inactivated,cn=account >> inactivation,cn=accounts,dc=domain,dc=com))))" >> >> Depending on how your directory is designed, it might make more sense to >> eliminate users with the nsaccountlock attribute set to true: >> "(&(&(passwordexpirationtime<=20110228000000Z)(pas swordexpirationtime>=20110310000000Z)(! >> (nsaccountlock=true))))" >> >> -- >> 389 users mailing list >> 389-users@lists.fedoraproject.org >> https://admin.fedoraproject.org/mailman/listinfo/389-users >> > -- > 389 users mailing list > 389-users@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users |
| All times are GMT. The time now is 11:05 AM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.