OID: How to find the password expiry date, or when an account will expire
We have OID 11g and would like to run an ldapsearch that gives us a list of users and the date on which their password expires.
Q1: Do you have any code, ldapsearch command or anything else which can help?
Here is my analysis so far, along with questions which I don't have an answer to and need help with.
OID determines when a password will expire based on two things:
a) when the password was last set - This is defined in attribute pwdChangedTime on the user entry
b) after how many days the password will expire - This is defined by attribute pwdMaxage on the passwordPolicy entry
Finding out pwdChangedTime is easy using ldapsearch:
ldapsearch -p [port] -D "cn=orcladmin" -w "[password]" -b "cn=users,dc=[domain]" -s sub "objectclass=*" dn pwdChangedTime
Q2: How to find out which password policy is applicable to a user?
If the password policy is set directly on the user entry, then I can find it using attribute pwdpolicysubentry, but if the password policy is not set at user level, then it will go to the parent entry and so on.
Q3: How to find attribute pwdpolicysubentry recursively for a user and its parent entries?
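An added example, not part of the original post and not Oracle's code: one way to combine the two attributes offline, by parsing ldapsearch LDIF output, walking up each user's DN to the nearest entry carrying pwdpolicysubentry, and adding that policy's pwdmaxage to pwdChangedTime. It assumes the parent-entry inheritance the post describes, that pwdmaxage is a number of seconds (as in the LDAP password policy draft), that policy entries are in the same output, and that DNs differ only by case; the sample LDIF is constructed.

```python
import re
from datetime import datetime, timedelta, timezone
# Constructed sample of ldapsearch LDIF output (example.com names are placeholders).
SAMPLE_LDIF = """\
dn: cn=users,dc=example,dc=com
pwdpolicysubentry: cn=default,cn=pwdPolicies,dc=example,dc=com

dn: cn=alice,cn=users,dc=example,dc=com
pwdChangedTime: 20240101120000Z

dn: cn=bob,cn=users,dc=example,dc=com
pwdChangedTime: 20240215000000Z
pwdpolicysubentry: cn=strict,cn=pwdPolicies,dc=example,dc=com

dn: cn=default,cn=pwdPolicies,dc=example,dc=com
pwdmaxage: 10368000

dn: cn=strict,cn=pwdPolicies,dc=example,dc=com
pwdmaxage: 2592000
"""

def parse_ldif(text):
    """{lowercased dn: {lowercased attr: value}}; assumes single-valued, unfolded lines."""
    entries = {}
    for block in text.strip().split("\n\n"):
        pairs = (line.split(":", 1) for line in block.splitlines() if ":" in line)
        attrs = {k.strip().lower(): v.strip() for k, v in pairs}
        entries[attrs.pop("dn").lower()] = attrs
    return entries

def effective_policy(dn, entries):
    """Nearest pwdpolicysubentry on the entry or an ancestor present in the result set."""
    while dn:
        policy = entries.get(dn, {}).get("pwdpolicysubentry")
        if policy:
            return policy.lower()
        # Drop the leftmost RDN, honouring backslash-escaped commas.
        dn = (re.split(r"(?<!\\),", dn, maxsplit=1) + [""])[1].strip()
    return None

def password_expiry(entries):
    """Map user dn -> expiry (UTC), or None when no positive pwdmaxage applies."""
    result = {}
    for dn, attrs in entries.items():
        if "pwdchangedtime" not in attrs:
            continue
        max_age = int(entries.get(effective_policy(dn, entries), {}).get("pwdmaxage", 0))
        changed = datetime.strptime(attrs["pwdchangedtime"][:14] + "+0000", "%Y%m%d%H%M%S%z")
        result[dn] = changed + timedelta(seconds=max_age) if max_age > 0 else None
    return result
```

To use it on real data, save the output of a subtree search that returns dn, pwdChangedTime, pwdpolicysubentry and pwdmaxage, then pass the file contents to parse_ldif and the result to password_expiry.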