RE: ldapsearch getting attribute list in specific order

[Craig White <CWhite@skytouchtechnology.com>]

-----Original Message-----
From: Michael Ströder [mailto:michael@stroeder.com] 
Sent: Wednesday, September 09, 2015 11:14 AM
To: Craig White; openldap-technical@openldap.org
Subject: Re: ldapsearch getting attribute list in specific order

Craig White wrote:
> I am surprised I haven't tripped over this before.
> ldapsearch -b ou=people, etc. uid pwdChangedTime mail
> Wanting to e-mail people with expiring passwords.
> I am counting on 4 lines for each person.
> Dn:
> UID:
> pwdChangedTime:
> mail:
> in this exact order
> but on the last one (which happens to be me, perhaps because I was the last
> one to change my password), my 'mail' attribute was returned before the
> pwdChangedTime attribute which would cause me to re-write the code to handle
> randomness of order of the output. Do I have to re-write my bash script?

Yes, you have to handle arbitrary order.
=> I'd recommend to use a better scripting language with a decent LDAP module
for tasks like this.

If you insist on using a shell script look here:
http://ltb-project.org/wiki/documentation/ldap-scripts/checkldappwdexpiration

I have no personal experience with it though.
----
Downloaded the LTB script somewhere but it's easy enough to write. I made a few changes and it's all good now, I was just hoping not to re-write code.

We're inflicting password policy on the few who are authorized in our production environment and seems reasonable to give them fair warning before their passwords expire.

Thanks.