[Samba] Users list and the date the password will expire

Mark Foley mfoley at ohprs.org
Mon Mar 27 00:51:26 UTC 2017


On Sun, 26 Mar 2017 19:31:48 -0400 Mark Foley wrote:
>
> On Sun, 26 Mar 2017 19:53:01 +0100 Rowland Penny wrote:
> >
> > On Sun, 26 Mar 2017 14:32:53 -0400
> > Mark Foley via samba <samba at lists.samba.org> wrote:
> >
> >
> > > as root:
> > > 
> > > ldbsearch --url=ldap://mail -b "DC=hprs,DC=local" -s sub
> > > "(&(sAMAccountType=805306368)(sAMAccountName=mark))"
> > > msDS-UserPasswordExpiryTimeComputed
> > > 
> > > search error - LDAP error 1 LDAP_OPERATIONS_ERROR -  <00002020:
> > > Operation unavailable without authentication> <>
> > > 
> > > When I added `-U user%pass` it worked. I don't suppose there is a way
> > > to NOT specify the password? I'd rather not have to propagate the
> > > domain administrator's password among all the domain members (-N did
> > > not work).
> > > 
> > > Thanks --Mark
> > > 
> >
> > Sorry, forgot about the required authentication, try it with '-P'
> > without '-U administrator'
> >
> > Rowland
>
> Great! That did it. Final command:
>
> ldbsearch --url=ldap://mail -b "DC=hprs,DC=local" -P -s sub "(&(sAMAccountType=805306368)(sAMAccountName=$USER))" msDS-UserPasswordExpiryTimeComputed
>

Not quite where I need to be.  The above with the -P option works on the domain member when
logged in as root.  I had planned on intercepting the lightDM login program to incorporate
this, but in fact I have no idea what that is or where to find it. 

So, next idea is to run a script when the user logs in to inform him/her of a pending
expiration.  The -P option does not work for a non-root user.  I can get the info I need using
-U id%pw, but again, I'd need to have each user's password for this. 

Is there a way a user can run ldbsearch ... without specifying a password?

Is ldbsearch the only way to get a user's expiryTime?

Thanks, --Mark
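
Added example, not part of the original thread: a shell sketch that interprets the msDS-UserPasswordExpiryTimeComputed value returned by the ldbsearch command above, including the "never expires" and "must change at next logon" sentinels. The sample LDIF (including the CN=Users container and the attribute value) is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: interpret msDS-UserPasswordExpiryTimeComputed from ldbsearch output.
# The value is a Windows FILETIME: 100-nanosecond ticks since 1601-01-01 UTC.

NEVER=9223372036854775807   # 0x7FFFFFFFFFFFFFFF: password never expires
EPOCH_DIFF=11644473600      # seconds from 1601-01-01 to 1970-01-01

# Constructed sample of ldbsearch LDIF output (container and value are made up).
SAMPLE_LDIF='# record 1
dn: CN=mark,CN=Users,DC=hprs,DC=local
msDS-UserPasswordExpiryTimeComputed: 131354784000000000

# returned 1 records'

# Read LDIF on stdin, print the first attribute value found.
expiry_value() {
    sed -n 's/^msDS-UserPasswordExpiryTimeComputed: *//p' | head -n 1
}

# Print "never", "must-change", or the expiry as Unix epoch seconds.
filetime_to_epoch() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;          # empty or non-numeric: no usable value
        "$NEVER")    echo never ;;
        0)           echo must-change ;;  # pwdLastSet is 0: change at next logon
        *)           echo $(( $1 / 10000000 - $EPOCH_DIFF )) ;;
    esac
}

# $1 = attribute value, $2 = current time (epoch seconds), $3 = warning window in days
expiry_notice() {
    exp=$(filetime_to_epoch "$1") || { echo "unparseable"; return 1; }
    case "$exp" in
        never)       echo "never expires" ;;
        must-change) echo "must change at next logon" ;;
        *)
            if [ "$exp" -le "$2" ]; then
                echo "expired"
            else
                days=$(( ($exp - $2) / 86400 ))
                if [ "$days" -le "$3" ]; then echo "expires in $days day(s)"; else echo "ok"; fi
            fi ;;
    esac
}

# Demo on the constructed sample, warning window of 14 days.
expiry_notice "$(printf '%s\n' "$SAMPLE_LDIF" | expiry_value)" "$(date +%s)" 14
```

In real use, pipe the output of the ldbsearch command from the thread into expiry_value instead of the constructed sample.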