[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: shadowaccount expiry

To: "oliver" <ok@xynyx.de>, <openldap-software@OpenLDAP.org>
Subject: RE: shadowaccount expiry
From: "Howard Chu" <hyc@highlandsun.com>
Date: Thu, 23 May 2002 08:36:31 -0700
Importance: Normal
In-reply-to: <E17Atpb-0001fq-00@lea>

This comes from RFC 2307 which itself is derived from Sun's original
definition of /etc/shadow. Personally I think RFC 2307 is a mistake;
these attributes should have been specified as GeneralizedTime. RFC 2307
itself is extremely closely bound with Sun/Solaris' view of the world,
and does not support common account attributes from systems like AIX,
HP-UX, or SCO OpenServer. It has other problems too, like not using DNs
for the members of a posixGroup, etc. etc... It is unfortunate that this
RFC is worded as if it were applicable to Unix in general when it is
primarily a specification for using Sun's NIS in LDAP.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of oliver
> Sent: Thursday, May 23, 2002 7:45 AM
> To: openldap-software@OpenLDAP.org
> Subject: Re: shadowaccount expiry
>
>
> Hi,
>
> Thanks I tried it, and it works....
>
> Do you know any ressource of further information? I am always
> curious if I
> cant find it myself on the web!
>
> "number of DAYS between 01/01/1970" what a clue! *g*
>
> Oliver
>
> On Thursday 23 May 2002 16:09, Karsten Künne wrote:
> > On Thursday 23 May 2002 09:55, oliver wrote:
> > | Hi,
> > |
> > | I am authenticating my users through ldap, now I want to set expiry
> > | dates. Possble attributes:
> > |
> > | objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' SUP top AUXILIARY
> > |         DESC 'Additional attributes for shadow passwords'
> > |         MUST uid
> > |         MAY ( userPassword $ shadowLastChange $ shadowMin $
> > |               shadowMax $ shadowWarning $ shadowInactive $
> > |               shadowExpire $ shadowFlag $ description ) )
> > | all are:
> > |
> > | attributetype ( 1.3.6.1.1.1.1.9 NAME 'shadowXXX'
> > |         EQUALITY integerMatch
> > |         SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
> > |
> > | Sorry but I am lost, what do I have to specify a date, a date
> in seconds
> > | after 1970. Ive found no ressource in the web!  ;o)
> > |
> > | I try to enable: a. a fixed date of expiry b. a 20 Day lifetime
> > |
> > | Thanks for any hints
> > |
> > | Oliver
> >
> > The shadowExpire contains the number of DAYS between 01/01/1970 and the
> > actual expiration date.

References:
- Re: shadowaccount expiry
  - From: oliver <ok@xynyx.de>

Prev by Date: JNDI + LDAP
Next by Date: Attribute supportedFeatures obligated in version 2.0.23
Index(es):
- Chronological
- Thread