On Tuesday, 30 March 2010 19:50:15 Chris Jacobs wrote:
I haven't had any success adding pwdChangedTime to accounts - and it seems you've assisted others with that issue - with the result being "ya can't do that".
http://www.openldap.org/lists/openldap-software/200706/msg00298.html
So, how do I add pwdChangedTime to accounts?
By updating userPassword, as covered in point (2) in my previous reply. See below.
I'm being advised here to do so, but the only success I've had so far is painful: delete the entry, and use slapadd.
Thanks,
- chris
PS: Yes, I've read the man page for ldapmodify - I see mention of some 'general extensions flag - but it doesn't make sense to me. I've also seen mention of a '-k' flag, but it's not an option with the version of ldapsearch compiled with openldap 2.4.
I provide a more complete script below.
-----Original Message----- From: Buchan Milne [mailto:bgmilne@staff.telkomsa.net] Sent: Tuesday, March 30, 2010 3:57 AM To: openldap-technical@openldap.org Cc: Chris Jacobs Subject: Re: Not getting password expiry warnings on login
- I'm probably going to need to scrub these accounts
so that they're created correctly - likely through a slapcat - modify output - wipe db (or delete entry) - slapadd (replace slapcat/add with ldapmodify if that's your pref).
No, update userPassword. E.g., something which does more or less:
ldapsearch "(&(userPassword=*)(!(pwdChangedTime=*)))" userPassword|ldapmodify
ldapsearch -LLL "(&(userPassword=*)(!(pwdChangedTime=*)))" userPassword|perl - p0e 's/\n(userPassword:)/\nreplace: userPassword\n$1/g'|ldapmodify
Now, if you only have simple binds working, then you would need to do it this way:
read -p 'Enter Root DN: ' ROOTDN read -s -p 'Enter Root DN Password: ' ROOTPW
ldapsearch -x -D "$ROOTDN" -w "$ROOTPW" -LLL "(&(userPassword=*)(! (pwdChangedTime=*)))" userPassword|perl -p0e 's/\n(userPassword:)/\nreplace: userPassword\n$1/g'|ldapmodify -x -D "$ROOTDN" -w "$ROOTPW"
However, if you don't yet know how to use ldapmodify and ldapsearch, you really should try and learn ...
Regards, Buchan