On Tuesday, 30 March 2010 19:50:15 Chris Jacobs wrote:
> I haven't had any success adding pwdChangedTime to accounts - and it seems
> you've assisted others with that issue - with the result being "ya can't
> do that".
>
> http://www.openldap.org/lists/openldap-software/200706/msg00298.html
>
> So, how do I add pwdChangedTime to accounts?

By updating userPassword, as covered in point (2) in my previous reply. See below.

> I'm being advised here to do so, but the only success I've had so far is
> painful: delete the entry, and use slapadd.
>
> Thanks,
> - chris
>
> PS:
> Yes, I've read the man page for ldapmodify - I see mention of some 'general
> extensions flag - but it doesn't make sense to me. I've also seen mention
> of a '-k' flag, but it's not an option with the version of ldapsearch
> compiled with openldap 2.4.

I provide a more complete script below.

> -----Original Message-----
> From: Buchan Milne [mailto:[email protected]]
> Sent: Tuesday, March 30, 2010 3:57 AM
> To: [email protected]
> Cc: Chris Jacobs
> Subject: Re: Not getting password expiry warnings on login
> > 2) I'm probably going to need to scrub these accounts
> > so that they're created correctly - likely through a slapcat - modify
> > output - wipe db (or delete entry) - slapadd (replace slapcat/add with
> > ldapmodify if that's your pref).
>
> No, update userPassword. E.g., something which does more or less:
>
> ldapsearch "(&(userPassword=*)(!(pwdChangedTime=*)))"
> userPassword|ldapmodify

ldapsearch -LLL "(&(userPassword=*)(!(pwdChangedTime=*)))" userPassword|perl -p0e 's/\n(userPassword:)/\nreplace: userPassword\n$1/g'|ldapmodify

Now, if you only have simple binds working, then you would need to do it this way:

read -p 'Enter Root DN: ' ROOTDN
read -s -p 'Enter Root DN Password: ' ROOTPW
ldapsearch -x -D "$ROOTDN" -w "$ROOTPW" -LLL "(&(userPassword=*)(!(pwdChangedTime=*)))" userPassword|perl -p0e 's/\n(userPassword:)/\nreplace: userPassword\n$1/g'|ldapmodify -x -D "$ROOTDN" -w "$ROOTPW"

However, if you don't yet know how to use ldapmodify and ldapsearch, you really should try and learn ...

Regards,
Buchan
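
Added example, not part of the original message: an awk filter that does the same rewrite as the perl one-liner above but emits explicit "changetype: modify" records, unfolds wrapped LDIF lines and groups a multi-valued userPassword under a single replace, so the change records can be inspected before they are piped to ldapmodify. The function names to_replace_ldif and sample_ldif and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn `ldapsearch -LLL <filter> userPassword` output into
# explicit LDIF modify records. Function names here are hypothetical.
to_replace_ldif() {
    awk '
    function emit(line) {
        if (line ~ /^dn::? /) {                 # start of an entry: remember its DN
            dn = line; n = 0
        } else if (line ~ /^userPassword::? /) {
            if (n == 0) {                       # first value: open one replace op
                print dn
                print "changetype: modify"
                print "replace: userPassword"
            }
            print line; n++
        } else if (line == "") {                # blank line ends the entry
            finish()
        }
    }
    function finish() {
        if (n > 0) { print "-"; print "" }      # entries without a value are skipped
        n = 0; dn = ""
    }
    # LDIF folding: a line starting with one space continues the previous line
    /^ / { buf = buf substr($0, 2); next }
    { if (have) emit(buf); buf = $0; have = 1 }
    END { if (have) emit(buf); finish() }
    '
}

# Constructed sample input: a folded base64 value, a multi-valued entry,
# and an entry that returned no userPassword.
sample_ldif() {
    printf '%s\n' \
        'dn: uid=alice,ou=People,dc=example,dc=com' \
        'userPassword:: e1NTSEF9Y29uc3RydWN0ZWRTYW1wbGVIYXNoMDEyMzQ1Njc4OWFi' \
        ' Y2RlZg==' \
        '' \
        'dn: uid=bob,ou=People,dc=example,dc=com' \
        'userPassword: {SSHA}constructedValueOne' \
        'userPassword: {CRYPT}constructedValueTwo' \
        '' \
        'dn: uid=carol,ou=People,dc=example,dc=com' \
        ''
}

sample_ldif | to_replace_ldif
```

In the simple-bind variant, a password given with -w is visible in the process list while the command runs; the OpenLDAP client tools also accept -W (prompt) and -y <file>.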
