[Date Prev][Date Next] [Chronological] [Thread] [Top]

Password Expriation Question

To: openldap-software@OpenLDAP.org
Subject: Password Expriation Question
From: "Aaron M. Hirsch" <Aaron.Hirsch@atosorigin.com>
Date: Mon, 01 Mar 2004 11:46:19 -0600
Organization: AtosOrigin
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6b) Gecko/20031205 Thunderbird/0.4

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

All,

I'm attempting to get password aging working properly with *nix based
hosts and am not having much luck.  Here is the output from an account
I am testing with.

ldapsearch -x -D "uid=ahirsch,ou=people,dc=cellnet,dc=com" -b
"dc=cellnet,dc=com" "uid=tuser" -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=cellnet,dc=com> with scope sub
# filter: uid=tuser
# requesting: ALL
#

# tuser, office, projects, cellnet.com
dn: uid=tuser,ou=office,ou=projects,dc=cellnet,dc=com
uid: tuser
cn: Test
sn: User
userPassword:: e2NyeXB0fUNzUTFMclhTY1VPaDI=
loginShell: /bin/bash
uidNumber: 999
gidNumber: 3
homeDirectory: /tmp
shadowMin: 14
shadowWarning: 14
shadowInactive: 30
shadowExpire: 12482
shadowFlag: 0
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

As you can see thre search returns shadowWarning and shadowExpire.
Maybe I'm off on my epoch conversion, but think that I have the
shadowExpire set for March 05, 2004.  What I 'm wondering is why I'm
not getting any notification that the password will be expiring in x
number of days.  To get my shadowExpire time I've used the following
php algorithm:

$now = time()/86400;
$s_now = split("\.",$now);
$c_now = "$s_now[0]";
$p_expire = $c_now + 4;

$now returns epoch time, with seconds, i.e. 12478.7402430556.  $s_now
splits $now, i.e. 12478.  $c_now provides me with the first item in
the array. $p_expire adds four to the total of $c_now, i.e. 12482

Users have write access to userPassword and shadowExpire which is all
I think they need.

Anyone have any ideas of where I messed up?

TIA!

- --
Aaron M. Hirsch
Atos Origin - Cellnet
11146 Thompson Ave.
Lenexa, KS 66219
Work:(913) 312-4717
Fax:(913) 312-4701
Mobile:(913) 284-9094
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAQ3brgBD+XyMGAPwRAg5LAKCLeUEKWbVjiOwyR/G3JFzP1enx8gCdHz+K
LYQ+Sm3UEt3PSG4p+9bfg5w=
=qBBM
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: Password Expriation Question
  - From: Tony Earnshaw <tonye@billy.demon.nl>
- Re: Password Expriation Question
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: help, openldap-2.1.xx, host attribute - I try, try, try....and nothing :(
Next by Date: don't allow user entry with uidnumber=0
Index(es):
- Chronological
- Thread