samba - Oct 2017 - Some hint reading password expiration data...

On Fri, 27 Oct 2017 07:17:56 +1300
Andrew Bartlett <abartlet at samba.org> wrote:
> On Thu, 2017-10-26 at 09:26 +0100, Rowland Penny via samba wrote:
> > On Thu, 26 Oct 2017 13:25:00 +1300
> > Andrew Bartlett <abartlet at samba.org> wrote:
> > 
> > > On Tue, 2017-10-24 at 18:13 +0100, Rowland Penny via samba wrote:
> > > > 
> > > > Good question, at the moment it is 'dynamic', but
there is the
> > > > 'msDS-UserPasswordExpiryTimeComputed' attribute but
it doesn't
> > > > seem to
> > > > be used yet Samba.
> > > 
> > > We do implement this and use it internally, but I can't find
any
> > > unit tests specifically for it.  Ouch! :-)
> > > 
> > > Andrew Bartlett
> > > 
> > 
> > I know it is in the schema, but is there any code to use it ?
> 
> Yes.  
> 
> Andrew Bartlett
> 
Go on, I give in, where ? and how does a user use it.

Rowland

On Thu, 2017-10-26 at 19:36 +0100, Rowland Penny via samba
wrote:
> On Fri, 27 Oct 2017 07:17:56 +1300
> Andrew Bartlett <abartlet at samba.org> wrote:
> 
> > On Thu, 2017-10-26 at 09:26 +0100, Rowland Penny via samba wrote:
> > > On Thu, 26 Oct 2017 13:25:00 +1300
> > > Andrew Bartlett <abartlet at samba.org> wrote:
> > > 
> > > > On Tue, 2017-10-24 at 18:13 +0100, Rowland Penny via samba
wrote:
> > > > > 
> > > > > Good question, at the moment it is 'dynamic',
but there is the
> > > > > 'msDS-UserPasswordExpiryTimeComputed' attribute
but it doesn't
> > > > > seem to
> > > > > be used yet Samba.
> > > > 
> > > > We do implement this and use it internally, but I can't
find any
> > > > unit tests specifically for it.  Ouch! :-)
> > > > 
> > > > Andrew Bartlett
> > > > 
> > > 
> > > I know it is in the schema, but is there any code to use it ?
> > 
> > Yes.  
> > 
> > Andrew Bartlett
> > 
> 
> Go on, I give in, where ? and how does a user use it.
It is an operational attribute.  simply add 

msDS-UserPasswordExpiryTimeComputed

to the list of attributes requested when searching for the user. 

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

Mandi! Andrew Bartlett via samba
  In chel di` si favelave...
> It is an operational attribute.  simply add 
> msDS-UserPasswordExpiryTimeComputed
> to the list of attributes requested when searching for the user. 
 root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b
"dc=ad,dc=fvg,dc=lnf,dc=it" -s base "" maxPwdAge
 # record 1
 dn: DC=ad,DC=fvg,DC=lnf,DC=it
 maxPwdAge: -77760000000000
 
 # returned 1 records
 # 1 entries
 # 0 referrals
 root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b
"ou=Users,ou=FVG,dc=ad,dc=fvg,dc=lnf,dc=it" "(cn=gaio)"
pwdlastSet msDS-UserPasswordExpiryTimeComputed
 # record 1
 dn: CN=gaio,OU=Users,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it
 pwdLastSet: 131529847334416590
 msDS-UserPasswordExpiryTimeComputed: 131607607334416590
 
 # returned 1 records
 # 1 entries
 # 0 referrals
 root at vdcsv1:~# echo "131529847334416590+77760000000000" | bc
 131607607334416590

Cool! ;-)

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''         
http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)