Antw: Re: Help: Query unmodified non SSHA userPasswords

["Ulrich Windl" <Ulrich.Windl@rz.uni-regensburg.de>]

>>> Quanah Gibson-Mount <quanah@zimbra.com> schrieb am 25.09.2014 um 18:30 in
Nachricht <9B8A217739A5294E4C5FADD4@[192.168.1.61]>:
> --On Thursday, September 25, 2014 2:27 PM +0200 Ulrich Windl 
> <Ulrich.Windl@rz.uni-regensburg.de> wrote:
> 
>> Hi!
>>
>> I'd like to query userPassword attributes that don't start with "{SSHA",
>> but it seems substring match doesn't work there. An addition I'd like to
>> find those users that didn't change their password since the user was
>> created, i.e. modifyTimestamp=createTimestamp, but I think that's not
>> possible in a search filter as the right of '=' is interpreted literally,
>> right?
>>
>> Any ideas?
> 
> (modifyTimeStamp<=createTimestamp) should do it?  Since modifyTimestamp can 
> never be less than createTimestamp, that will only return entries where 
> they are equal.

Hi!

Isn't that equivalent to  (modifyTimeStamp<="createTimestamp"), i.e. isn't createTimestamp interpreted literaly?


Or does ldapsearch do some magic if it detects an LDAP attribute on the right side? Anyway, I tried it, but I get too many results, e.g.
createTimestamp: 20140908062530Z
modifyTimestamp: 20140908115510Z

(Of course I know I could write some Perl to do the needed filtering, but it would be nice if the LDAP server could help...)

Regards,
Ulrich