[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Extensible filters and ordering searches: filtering shadowExpire by range?

To: Côme Chilliet <come@opensides.be>, openldap-technical@openldap.org
Subject: Re: Extensible filters and ordering searches: filtering shadowExpire by range?
From: Quanah Gibson-Mount <quanah@symas.com>
Date: Tue, 18 Jun 2019 12:36:56 -0700
Content-disposition: inline
In-reply-to: <2499576.beduc5CjLZ@mcmic-probook>
References: <2667391.fHl9Fc5JOF@mcmic-probook> <2499576.beduc5CjLZ@mcmic-probook>

--On Tuesday, June 18, 2019 12:20 PM +0200 Côme Chilliet<come@opensides.be> wrote:

So, there is no way to filter on shadowExpire values which are less than
today's timestamp?


shadowExpire is defined as an integer type, not as a timestamp, so no.

It sounds crazy that such basic needs are not covered by LDAP protocol,
have I missed something?

It's not clear to me what this has to do with the LDAP protocol. Thedefinition of the "expire" field from /etc/shadow is:

Expire : days since Jan 1, 1970 that account is disabled i.e. an absolutedate specifying when the login may no longer be used.

So it's an integer (just as the RFC defines it). I would imagine you couldwrite something that converts a current timestamp into the number of days,etc, and then perform a search.



--Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

Follow-Ups:
- Re: Extensible filters and ordering searches: filtering shadowExpire by range?
  - From: Michael Ströder <michael@stroeder.com>

References:
- Re: Extensible filters and ordering searches: filtering shadowExpire by range?
  - From: Côme Chilliet <come@opensides.be>

Prev by Date: Re: Extensible filters and ordering searches: filtering shadowExpire by range?
Next by Date: Re: Extensible filters and ordering searches: filtering shadowExpire by range?
Index(es):
- Chronological
- Thread