Quanah Gibson-Mount wrote:
> --On Thursday, September 25, 2014 2:27 PM +0200 Ulrich Windl
> <Ulrich.Windl@rz.uni-regensburg.de> wrote:
>> I'd like to query userPassword attributes that don't start with "{SSHA",
>> but it seems substring match doesn't work there. An addition I'd like to
>> find those users that didn't change their password since the user was
>> created, i.e. modifyTimestamp=createTimestamp, but I think that's not
>> possible in a search filter as the right of '=' is interpreted literally,
>> right?
>>
>> Any ideas?
>
> (modifyTimeStamp<=createTimestamp) should do it? Since modifyTimestamp can
> never be less than createTimestamp, that will only return entries where they
> are equal.
For various reasons running with slapo-ppolicy and querying pwdChangedTime
would be a better choice.
'userPassword' only has EQUALITY and ORDERING matching rules. One could maybe
query with >= and <=?
Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature