Skip to Main Content

Security Software

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

OID : How to find password expiry date or when will account expire

onlineAppsDBA.comJan 6 2012 — edited Jan 6 2012
We have OID 11g and would like to do ldapsearch which will give us list of users and date on which their password is expired.

Q1: Do you have any code or ldapsearch command or any thing which can help ?

Here is my analysis so far and questions which I don't have any answer and need help

OID determines when will password expire on two things :
a) when was password last set - This is defined in attribute pwdChangedTime on user entry
b) after how many days password will expire - This is defined by attribute pwdMaxage on passwordPolicy entry


Finding out pwdChangedTime is easy using ldapsearch
ldapsearch -p [port] -D "cn=orcladmin" -w "[password]" -b "cn=users,dc=[domain]" -s sub "objectclass=*" dn pwdChangedTime

Q2: How to find out which password policy applicable to user ?
If password policy is set directly on user entry then I can find out using attribute pwdpolicysubentry but if password policy is not set at user level then it will go to parent entry and so on

Q3: How to find attribute pwdpolicysubentry recursively to user and its parent entry ?
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Feb 3 2012
Added on Jan 6 2012
4 comments
2,352 views