Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


02-28-2011, 11:08 AM
Juan Asensio Sánchez

ldapsearch to get users with expired password

Hi

Is there any way to obtain the users with expired/expiring password?

I have activated the password policy, making the password expire
after X days, and warn them after X-10 days. Now, I want to create a
cron job to send an email to users warning them about their password
expiration. I know I can get that information about the user who is
binding, but not for the users obtained from a search.

Thanks in advance.
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

 
02-28-2011, 12:51 PM
James Roman

ldapsearch to get users with expired password

On 02/28/2011 07:08 AM, Juan Asensio Sánchez wrote:

> Is there any way to obtain the users with expired/expiring password?
>
> I have activated the password policy, making the password expire
> after X days, and warn them after X-10 days. Now, I want to create a
> cron job to send an email to users warning them about their password
> expiration. I know I can get that information about the user who is
> binding, but not for the users obtained from a search.



Filters are your friend.



To select passwords that have expired since midnight, you would use
the following filter (using today's date Feb 28 2011):

"(passwordexpirationtime<=20110228000000Z)"



To select users with passwords expiring in the next 10 days
(passwords expire between today at midnight AND Mar. 10 at
midnight):

"(&(passwordexpirationtime>=20110228000000Z)(passwordexpirationtime<=20110310000000Z))"




You may need to add additional filter terms as well. The script that
we use also filters out (excludes) inactive accounts (since we don't
delete accounts from our directory.) Inactivated accounts in our
directory all belong to a single group (and we have the group
memberof plugin enabled):

"(&(&(passwordexpirationtime>=20110228000000Z)(passwordexpirationtime<=20110310000000Z)(!(memberOf=cn=inactivated,cn=account inactivation,cn=accounts,dc=domain,dc=com))))"



Depending on how your directory is designed, it might make more
sense to eliminate users with the nsaccountlock attribute set to
true:

"(&(&(passwordexpirationtime>=20110228000000Z)(passwordexpirationtime<=20110310000000Z)(!(nsaccountlock=true))))"



 
03-16-2011, 11:45 AM
Juan Asensio Sánchez

ldapsearch to get users with expired password

Hi

Thanks for the answer, but my users don't have the attribute
passwordexpirationtime, because this attribute is not generated until
the user logs in after the activation of the account/password policies.

Reading, I have seen that when a user binds to the server, the server
returns some controls indicating the expiring/expired password, if
that is the case. But I cannot bind as the user, as I don't have its
password, so I cannot get the controls that a bind as that user would
return. Could I simulate this using a proxy auth, i.e., binding as
Directory Manager, but simulating a login of the user? Would this need
some special ACI? I am a bit lost...

Thanks in advance.

2011/2/28 James Roman <james.roman@ssaihq.com>:
> On 02/28/2011 07:08 AM, Juan Asensio Sánchez wrote:
>
> Is there any way to obtain the users with expired/expiring password?
>
> I have activated the password policy, making the password expire
> after X days, and warn them after X-10 days. Now, I want to create a
> cron job to send an email to users warning them about their password
> expiration. I know I can get that information about the user who is
> binding, but not for the users obtained from a search.
>
> Filters are your friend.
>
> To select passwords that have expired since midnight, you would use the
> following filter (using today's date Feb 28 2011):
> "(passwordexpirationtime<=20110228000000Z)"
>
> To select users with passwords expiring in the next 10 days (passwords
> expire between today at midnight AND Mar. 10 at midnight):
> "(&(passwordexpirationtime>=20110228000000Z)(passwordexpirationtime<=20110310000000Z))"
>
> You may need to add additional filter terms as well. The script that we use
> also filters out (excludes) inactive accounts (since we don't delete
> accounts from our directory.) Inactivated accounts in our directory all
> belong to a single group (and we have the group memberof plugin enabled):
> "(&(&(passwordexpirationtime>=20110228000000Z)(passwordexpirationtime<=20110310000000Z)(!(memberOf=cn=inactivated,cn=account inactivation,cn=accounts,dc=domain,dc=com))))"
>
> Depending on how your directory is designed, it might make more sense to
> eliminate users with the nsaccountlock attribute set to true:
> "(&(&(passwordexpirationtime>=20110228000000Z)(passwordexpirationtime<=20110310000000Z)(!(nsaccountlock=true))))"
>
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
 
03-22-2011, 07:36 PM
Rich Megginson

ldapsearch to get users with expired password

On 03/16/2011 06:45 AM, Juan Asensio Sánchez wrote:
> Hi
>
> Thanks for the answer, but my users don't have the attribute
> passwordexpirationtime, because this attribute is not generated until
> the user logs in after the activation of the account/password policies.
>
> Reading, I have seen that when a user binds to the server, the server
> returns some controls indicating the expiring/expired password, if
> that is the case. But I cannot bind as the user, as I don't have its
> password, so I cannot get the controls that a bind as that user would
> return. Could I simulate this using a proxy auth, i.e., binding as
> Directory Manager, but simulating a login of the user? Would this need
> some special ACI? I am a bit lost...
I suppose you could use createTimestamp if passwordexpirationtime is not
present.
> Thanks in advance.
>
> 2011/2/28 James Roman <james.roman@ssaihq.com>:
>> On 02/28/2011 07:08 AM, Juan Asensio Sánchez wrote:
>>
>> Is there any way to obtain the users with expired/expiring password?
>>
>> I have activated the password policy, making the password expire
>> after X days, and warn them after X-10 days. Now, I want to create a
>> cron job to send an email to users warning them about their password
>> expiration. I know I can get that information about the user who is
>> binding, but not for the users obtained from a search.
>>
>> Filters are your friend.
>>
>> To select passwords that have expired since midnight, you would use the
>> following filter (using today's date Feb 28 2011):
>> "(passwordexpirationtime<=20110228000000Z)"
>>
>> To select users with passwords expiring in the next 10 days (passwords
>> expire between today at midnight AND Mar. 10 at midnight):
>> "(&(passwordexpirationtime>=20110228000000Z)(passwordexpirationtime<=20110310000000Z))"
>>
>> You may need to add additional filter terms as well. The script that we use
>> also filters out (excludes) inactive accounts (since we don't delete
>> accounts from our directory.) Inactivated accounts in our directory all
>> belong to a single group (and we have the group memberof plugin enabled):
>> "(&(&(passwordexpirationtime>=20110228000000Z)(passwordexpirationtime<=20110310000000Z)(!(memberOf=cn=inactivated,cn=account inactivation,cn=accounts,dc=domain,dc=com))))"
>>
>> Depending on how your directory is designed, it might make more sense to
>> eliminate users with the nsaccountlock attribute set to true:
>> "(&(&(passwordexpirationtime>=20110228000000Z)(passwordexpirationtime<=20110310000000Z)(!(nsaccountlock=true))))"
>>
>> --
>> 389 users mailing list
>> 389-users@lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
> --
> 389 users mailing list
> 389-users@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
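
The filter construction discussed in this thread, as an added example that is not code from any of the posters: it computes the 10-day window in LDAP GeneralizedTime, excludes locked accounts via nsAccountLock, and, following the createTimestamp suggestion, falls back to the entry's creation time when passwordExpirationTime is absent. GNU date, the MAX_AGE_DAYS value and the LDAP_URI, BIND_DN, PW_FILE and BASE_DN variables are assumptions; the fallback also assumes the password has not been changed since the entry was created.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU date for "-d @EPOCH".

WARN_DAYS=10       # warning window from the question (warn at X-10 days)
MAX_AGE_DAYS=90    # constructed value for "X"; set it to your policy's maximum age

# gtime EPOCH_SECONDS -> LDAP GeneralizedTime in UTC (YYYYmmddHHMMSSZ)
gtime() {
    date -u -d "@$1" +%Y%m%d%H%M%SZ
}

# expiring_filter NOW_EPOCH -> filter matching unlocked users whose password
# expires between NOW and NOW + WARN_DAYS.
expiring_filter() {
    now=$1
    end=$((now + WARN_DAYS * 86400))
    lo=$(gtime "$now")
    hi=$(gtime "$end")
    # Fallback for entries with no passwordExpirationTime yet: treat
    # createTimestamp + MAX_AGE_DAYS as the expiry (assumption, see lead-in).
    c_lo=$(gtime $((now - MAX_AGE_DAYS * 86400)))
    c_hi=$(gtime $((end - MAX_AGE_DAYS * 86400)))
    printf '(&(!(nsAccountLock=true))(|(&(passwordExpirationTime>=%s)(passwordExpirationTime<=%s))(&(!(passwordExpirationTime=*))(createTimestamp>=%s)(createTimestamp<=%s))))' \
        "$lo" "$hi" "$c_lo" "$c_hi"
}

# list_expiring: run the search from cron. Both timestamps are operational
# attributes, so they must be requested by name. -y reads the bind password
# from a file, keeping it out of the process list.
list_expiring() {
    ldapsearch -x -LLL -H "$LDAP_URI" -D "$BIND_DN" -y "$PW_FILE" -b "$BASE_DN" \
        "$(expiring_filter "$(date -u +%s)")" \
        uid mail passwordExpirationTime createTimestamp
}
```

Calling `expiring_filter 1298851200` (Feb 28 2011, 00:00 UTC) reproduces the Feb 28 to Mar 10 window used in the replies above.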
 
