Quanah Gibson-Mount wrote:
--On Thursday, September 25, 2014 2:27 PM +0200 Ulrich Windl Ulrich.Windl@rz.uni-regensburg.de wrote:
I'd like to query userPassword attributes that don't start with "{SSHA", but it seems substring match doesn't work there. An addition I'd like to find those users that didn't change their password since the user was created, i.e. modifyTimestamp=createTimestamp, but I think that's not possible in a search filter as the right of '=' is interpreted literally, right?
Any ideas?
(modifyTimeStamp<=createTimestamp) should do it? Since modifyTimestamp can never be less than createTimestamp, that will only return entries where they are equal.
For various reasons running with slapo-ppolicy and querying pwdChangedTime would be a better choice.
'userPassword' only has EQUALITY and ORDERING matching rules. One could maybe query with >= and <=?
Ciao, Michael.