--On Tuesday, June 18, 2019 12:20 PM +0200 Côme Chilliet
So, there is no way to filter on shadowExpire values which are less
shadowExpire is defined as an integer type, not as a timestamp, so no.
It sounds crazy that such basic needs are not covered by LDAP
have I missed something?
It's not clear to me what this has to do with the LDAP protocol. The
definition of the "expire" field from /etc/shadow is:
Expire : days since Jan 1, 1970 that account is disabled i.e. an absolute
date specifying when the login may no longer be used.
So it's an integer (just as the RFC defines it). I would imagine you could
write something that converts a current timestamp into the number of days,
etc, and then perform a search.
Packaged, certified, and supported LDAP solutions powered by OpenLDAP: