Am Tue, 11 Dec 2012 12:10:40 -0600 schrieb Kyle Harris kyle@theharrishome.com:
Hello All,
I am new to OpenLDAP but have it up and running and have allowed users to change their own password. I was about to start working on a Perl script to grab the last password change date/time and email a user a few days before it expires. I have done that before with Perl using Active Directory as the LDAP server.
The problem is that when I use ldapsearch, I can see the user attributes including the hashed password but I don't see where it stores the last time a password was changed? In the event it matters, I am using bdb as the database and everything else including logins is working fine.
Am I using the wrong tool? How can I get this information?
You may search for all operational attributes by adding + (plus) to the search string (RFC 3673), or search for the modifyTimestamp attribute type, or add a password policy to the system, see man slapo-ppolicy(5).
-Dieter