[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8185) Clarification/enhancement request: purging stale pwdFailureTime attributes

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#8185) Clarification/enhancement request: purging stale pwdFailureTime attributes
From: subbarao@computer.org
Date: Mon, 06 Jul 2015 16:30:12 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

This is a multi-part message in MIME format.
--------------070603090603020704050207
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit

FYI for anyone else who is encountering this problem -- here is a script 
that I wrote as a workaround. It sweeps through all of the 
pwdFailureTime entries in the directory and deletes stale values greater 
than $maxvalues. Also set $basedn accordingly.

It can be run with '--ldif' to preview the changes, and '--ldap' to 
actually make the changes.

The script binds with SASL EXTERNAL on the ldapi:/// interface, so make 
sure that the Unix user has the 'manage' privilege for the 
pwdFailureTime attribute. For example, to enable this for root:

access to attrs=pwdFailureTime by 
dn.base="gidnumber=0+uidnumber=0,cn=peercred,cn=external,cn=auth" manage

Regards,

     -Kartik

--------------070603090603020704050207
Content-Type: text/plain; charset=UTF-8;
 name="pwdfailuretime.pl.txt"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="pwdfailuretime.pl.txt"

IyEgL3Vzci9iaW4vcGVybAoKIyBQdXJnZSBzdGFsZSBwd2RGYWlsdXJlVGltZSB2YWx1ZXMK
CnVzZSBOZXQ6OkxEQVA7CnVzZSBOZXQ6OkxEQVA6OkNvbnRyb2w7CnVzZSBOZXQ6OkxEQVA6
OkxESUY7CnVzZSBBdXRoZW46OlNBU0w7CnVzZSBGY250bCBxdyhMT0NLX0VYIExPQ0tfTkIp
Owp1c2UgR2V0b3B0OjpMb25nOwoKdXNlIHN0cmljdDsKCm15ICRiYXNlZG4gPSAiZGM9ZXhh
bXBsZSxkYz1jb20iOwpteSAkbWF4dmFsdWVzID0gMTA7CgojIFByZXZlbnQgbXVsdGlwbGUg
aW5zdGFuY2VzIGZyb20gcnVubmluZyBhdCB0aGUgc2FtZSB0aW1lCm9wZW4oTE9DS0ZILCAk
MCk7IGZsb2NrKExPQ0tGSCwgTE9DS19FWHxMT0NLX05CKSBvciBleGl0IDE7CgpteSAoJGdl
bmVyYXRlX2xkaWYsICR1cGRhdGVfbGRhcCk7CkdldE9wdGlvbnMoJ2xkaWYnID0+IFwkZ2Vu
ZXJhdGVfbGRpZiwgJ2xkYXAnID0+IFwkdXBkYXRlX2xkYXApOwoKbXkgJGxkaWZvdXQgPSBO
ZXQ6OkxEQVA6OkxESUYtPm5ldygnLScsICd3Jyk7CiRsZGlmb3V0LT57Y2hhbmdlfSA9IDE7
Cm15ICRsZGFwID0gTmV0OjpMREFQLT5uZXcoJ2xkYXBpOi8vJykgb3IgZGllICJsZGFwaTog
JEBcbiI7Cm15ICRzYXNsID0gQXV0aGVuOjpTQVNMLT5uZXcobWVjaGFuaXNtID0+ICdFWFRF
Uk5BTCcpOwpteSAkc2FzbF9jbGllbnQgPSAkc2FzbC0+Y2xpZW50X25ldygnbGRhcCcsICds
b2NhbGhvc3QnKTsKJGxkYXAtPmJpbmQodW5kZWYsIHNhc2wgPT4gJHNhc2xfY2xpZW50KTsK
bXkgJHJlbGF4ID0gTmV0OjpMREFQOjpDb250cm9sLT5uZXcodHlwZSA9PiAnMS4zLjYuMS40
LjEuNDIwMy42NjYuNS4xMicpOwoKbXkgJG1lc2cgPSAkbGRhcC0+c2VhcmNoKGJhc2UgPT4g
JGJhc2VkbiwKCQkJCQkJIGZpbHRlciA9PiAnKHB3ZEZhaWx1cmVUaW1lPSopJywKCQkJCQkJ
IGF0dHJzID0+IFsncHdkRmFpbHVyZVRpbWUnXSk7CiRtZXNnLT5jb2RlICYmIGRpZSgkbWVz
Zy0+ZXJyb3IgLiAiXG4iKTsKZm9yZWFjaCBteSAkZW50cnkgKCRtZXNnLT5lbnRyaWVzKSB7
CglteSBAdmFsdWVzID0gc29ydCAkZW50cnktPmdldF92YWx1ZSgncHdkRmFpbHVyZXRpbWUn
KTsKCW5leHQgaWYgQHZhbHVlcyA8PSAkbWF4dmFsdWVzOwoJIyBTZXQgQHZhbHVlcyB0byB0
aGUgbGlzdCBvZiB2YWx1ZXMgdG8gcHVyZ2UKCXNwbGljZSBAdmFsdWVzLCAtJG1heHZhbHVl
czsKCWlmICgkZ2VuZXJhdGVfbGRpZikgewoJCSRlbnRyeS0+ZGVsZXRlKCdwd2RGYWlsdXJl
dGltZScgPT4gXEB2YWx1ZXMpOwoJCSRsZGlmb3V0LT53cml0ZV9lbnRyeSgkZW50cnkpOwoJ
fQoJaWYgKCR1cGRhdGVfbGRhcCkgewoJCSRsZGFwLT5tb2RpZnkoJGVudHJ5LT5kbiwKCQkJ
CQkgIGNvbnRyb2wgPT4gJHJlbGF4LAoJCQkJCSAgZGVsZXRlID0+IHsgcHdkRmFpbHVyZXRp
bWUgPT4gXEB2YWx1ZXMgfSk7Cgl9Cn0K
--------------070603090603020704050207--

Prev by Date: Re: (ITS#8189) autoconf needed when building release
Next by Date: Re: (ITS#8185) Clarification/enhancement request: purging stale pwdFailureTime attributes
Index(es):
- Chronological
- Thread