[Samba] Some hint reading password expiration data...

Andrew Bartlett abartlet at samba.org
Fri Oct 27 18:24:02 UTC 2017 

On Fri, 2017-10-27 at 17:10 +0200, Marco Gaiarin via samba wrote:
> Mandi! Andrew Bartlett via samba
>   In chel di` si favelave...
> 
> > It is an operational attribute.  simply add 
> > msDS-UserPasswordExpiryTimeComputed
> > to the list of attributes requested when searching for the user. 
> 
>  root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b "dc=ad,dc=fvg,dc=lnf,dc=it" -s base "" maxPwdAge
>  # record 1
>  dn: DC=ad,DC=fvg,DC=lnf,DC=it
>  maxPwdAge: -77760000000000
>  
>  # returned 1 records
>  # 1 entries
>  # 0 referrals
>  root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b "ou=Users,ou=FVG,dc=ad,dc=fvg,dc=lnf,dc=it" "(cn=gaio)" pwdlastSet msDS-UserPasswordExpiryTimeComputed
>  # record 1
>  dn: CN=gaio,OU=Users,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it
>  pwdLastSet: 131529847334416590
>  msDS-UserPasswordExpiryTimeComputed: 131607607334416590
>  
>  # returned 1 records
>  # 1 entries
>  # 0 referrals
>  root at vdcsv1:~# echo "131529847334416590+77760000000000" | bc
>  131607607334416590
> 
> Cool! ;-)

The advantage of using this is that when we eventually get to
implementing password settings objects, this will use the PSO
calculation, so you won't need to update your scripts.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list