
Re: Password Expiration Question

This issue seems not to be specific to OpenLDAP Software,
but specific to whatever software (nssldap/pamldap) you are
using for unix based account/password management.   The
nssldap and pamldap list is at nssldap@padl.com and
pamldap@padl.com, respectively.


At 02:46 AM 3/2/2004, Aaron M. Hirsch wrote:
>I'm attempting to get password aging working properly with *nix based
>hosts and am not having much luck.  Here is the output from an account
>I am testing with.
>ldapsearch -x -D "uid=ahirsch,ou=people,dc=cellnet,dc=com" -b
>"dc=cellnet,dc=com" "uid=tuser" -W
>Enter LDAP Password:
># extended LDIF
># LDAPv3
># base <dc=cellnet,dc=com> with scope sub
># filter: uid=tuser
># requesting: ALL
># tuser, office, projects, cellnet.com
>dn: uid=tuser,ou=office,ou=projects,dc=cellnet,dc=com
>uid: tuser
>cn: Test
>sn: User
>userPassword:: e2NyeXB0fUNzUTFMclhTY1VPaDI=
>loginShell: /bin/bash
>uidNumber: 999
>gidNumber: 3
>homeDirectory: /tmp
>shadowMin: 14
>shadowWarning: 14
>shadowInactive: 30
>shadowExpire: 12482
>shadowFlag: 0
>objectClass: top
>objectClass: person
>objectClass: posixAccount
>objectClass: shadowAccount
># search result
>search: 2
>result: 0 Success
># numResponses: 2
># numEntries: 1
>As you can see the search returns shadowWarning and shadowExpire.
>Maybe I'm off on my epoch conversion, but think that I have the
>shadowExpire set for March 05, 2004.  What I'm wondering is why I'm
>not getting any notification that the password will be expiring in x
>number of days.  To get my shadowExpire time I've used the following
>php algorithm:
>$now = time()/86400;
>$s_now = explode(".", $now);
>$c_now = "$s_now[0]";
>$p_expire = $c_now + 4;
>$now returns epoch time, with seconds, i.e. 12478.7402430556.  $s_now
>splits $now, i.e. 12478.  $c_now provides me with the first item in
>the array. $p_expire adds four to the total of $c_now, i.e. 12482
>Users have write access to userPassword and shadowExpire which is all
>I think they need.
>Anyone have any ideas of where I messed up?
>--
>Aaron M. Hirsch
>Atos Origin - Cellnet
>11146 Thompson Ave.
>Lenexa, KS 66219
>Work:(913) 312-4717
>Fax:(913) 312-4701
>Mobile:(913) 284-9094
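
An added example, not part of either message and not code from OpenLDAP, nss_ldap or pam_ldap: it checks the day-number conversion from the quoted question and evaluates the entry's shadow attributes using the field meanings in shadow(5). That the login-side client applies these same rules is an assumption; the function names, the boundary handling and the shadowLastChange/shadowMax values in the second entry are hypothetical.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)

def to_days(d):
    """Date -> whole days since 1970-01-01, the unit of the shadow* attributes."""
    return (d - EPOCH).days

def from_days(n):
    """Day number -> calendar date."""
    return EPOCH + timedelta(days=n)

def _int(entry, name):
    """Attribute as int; None when absent, empty or negative (treated as unset)."""
    raw = str(entry.get(name, "")).strip()
    if raw == "":
        return None
    val = int(raw)
    return val if val >= 0 else None

def aging_status(entry, today):
    """Evaluate shadow(5)-style aging for a shadowAccount entry (simplified)."""
    now = to_days(today)
    last, mx = _int(entry, "shadowLastChange"), _int(entry, "shadowMax")
    warn, expire = _int(entry, "shadowWarning"), _int(entry, "shadowExpire")
    has_exp = expire is not None and expire > 0   # 0 is ambiguous, treat as unset
    status = {
        # shadowExpire is the day the *account* is disabled, not the password.
        "account_expired": has_exp and now >= expire,
        "account_expires_on": from_days(expire) if has_exp else None,
        # Password aging needs both the last-change day and a maximum age.
        "password_aging": last is not None and mx is not None,
        "password_expired": False,
        "warn_days_left": None,
    }
    if status["password_aging"]:
        pw_end = last + mx                         # last day the password is valid
        status["password_expired"] = now > pw_end
        if warn is not None and pw_end - warn < now <= pw_end:
            status["warn_days_left"] = pw_end - now
    return status

# Constructed input: the aging attributes of the entry quoted above.
TUSER = {"shadowMin": "14", "shadowWarning": "14", "shadowInactive": "30",
         "shadowExpire": "12482", "shadowFlag": "0"}
# Constructed variant with hypothetical shadowLastChange and shadowMax added.
TUSER_AGED = dict(TUSER, shadowLastChange="12400", shadowMax="90")

if __name__ == "__main__":
    day = date(2004, 3, 2)
    print(to_days(day), aging_status(TUSER, day))
    print(aging_status(TUSER_AGED, day))
```

For the quoted entry the conversion holds (12482 is 2004-03-05), but with no shadowLastChange or shadowMax there is no password-expiry date for shadowWarning to count down to under these rules.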