Web lists-archives.com

Re: [Samba] Some hint reading password expiration data...




On Fri, 2017-10-27 at 17:10 +0200, Marco Gaiarin via samba wrote:
> Mandi! Andrew Bartlett via samba
>   In chel di` si favelave...
> 
> > It is an operational attribute.  simply add 
> > msDS-UserPasswordExpiryTimeComputed
> > to the list of attributes requested when searching for the user. 
> 
>  root@vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b "dc=ad,dc=fvg,dc=lnf,dc=it" -s base "" maxPwdAge
>  # record 1
>  dn: DC=ad,DC=fvg,DC=lnf,DC=it
>  maxPwdAge: -77760000000000
>  
>  # returned 1 records
>  # 1 entries
>  # 0 referrals
>  root@vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b "ou=Users,ou=FVG,dc=ad,dc=fvg,dc=lnf,dc=it" "(cn=gaio)" pwdlastSet msDS-UserPasswordExpiryTimeComputed
>  # record 1
>  dn: CN=gaio,OU=Users,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it
>  pwdLastSet: 131529847334416590
>  msDS-UserPasswordExpiryTimeComputed: 131607607334416590
>  
>  # returned 1 records
>  # 1 entries
>  # 0 referrals
>  root@vdcsv1:~# echo "131529847334416590+77760000000000" | bc
>  131607607334416590
> 
> Cool! ;-)

The advantage of using this is that when we eventually get to
implementing password settings objects, this will use the PSO
calculation, so you won't need to update your scripts.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba