Solved

LDAP find expired users

Posted on 2016-09-21
8
73 Views
Last Modified: 2016-11-02
Hi all,
I'm working on a Captive Portal server and I should find via shell all expired users and delete them.
I try with ldapsearch -x shadowExpire=<DateConvertedInEpoch>
example expire date 20/09/2016:
ldapsearch -x shadowExpire=17064
it's fine working for that absolute date, but how can I do if I should search all users expired until 20/09/2016?
Thanks a lot
0
Comment
Question by:Claudio Pisciottano
  • 4
  • 3
8 Comments
 
LVL 20

Expert Comment

by:netcmh
ID: 41808942
ldapsearch -x shadowExpire<=17064
0
 
LVL 1

Author Comment

by:Claudio Pisciottano
ID: 41809038
Thank you for your reply, but

root@xxx /> ldapsearch -x shadowExpire<=17064
bash: =17064: No such file or directory
0
 
LVL 20

Expert Comment

by:netcmh
ID: 41810527
ldapsearch -x '((objectclass=shadowaccount)(shadowexpire<=17064))'
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 1

Author Comment

by:Claudio Pisciottano
ID: 41810584
Hi netcmh and thank you for your reply and interest, but I've another type of error

root@xxx /> ldapsearch -x '((objectclass=shadowaccount)(shadowexpire=17064))'
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: ((objectclass=shadowaccount)(shadowexpire=17064))
# requesting: ALL
#
ldapsearch: ldap_search_ext: Bad search filter (-7)
root@xxx />
0
 
LVL 20

Accepted Solution

by:
netcmh earned 500 total points
ID: 41810602
I don't have ldapsearch installed on this computer, and am doing this off the top of my head:

try

ldapsearch -v -x ‘(&(shadowexpire<=17064))’
0
 
LVL 1

Author Comment

by:Claudio Pisciottano
ID: 41810696
Ok, with this command I've not an error, so it's seems good, but I've not my goal.

root@xxx /> ldapsearch -v -x '(&(shadowExpire<=17094))'
ldap_initialize( <DEFAULT> )
filter: (&(shadowExpire<=17094))
requesting: ALL
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (&(shadowExpire<=17094))
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1
root@xxx />

But if I write:

root@xxx /> ldapsearch -v -x '(&(shadowExpire=17084))'
ldap_initialize( <DEFAULT> )
filter: (&(shadowExpire=17084))
requesting: ALL
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (&(shadowExpire=17084))
# requesting: ALL
#

# john, People, mycompany.local
dn: uid=john,ou=People,dc=mycompany,dc=local
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: organizationalPerson
cn: ?
description: ?
displayName: ?
o: ?
uidNumber: 2
gidNumber: 65534
homeDirectory: /home/john
loginShell: /bin/sh
ownerUser: admin
sessions: 0
loginRemote: ?
givenName: john
sn: doe
mail: john.doe@company.com
telephoneNumber:
gecos: ?
shadowExpire: 17084
hidden: no
roomName: ?
MCpInterfaces: ?
maxDays: ?
class: BUSINESS
uid: john
validity: yes

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
root@xxx />
0
 
LVL 20

Assisted Solution

by:netcmh
netcmh earned 500 total points
ID: 41810724
Can you try this, please?

ldapsearch -v -x '(&(shadowExpire=0)(shadowExpire=17084))'

ldapsearch -v -x '(&(shadowExpire>1)'
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
High Available Storage based on linux 6 70
SQL Server encoding for storing Indian languages 9 37
SQL Query 34 82
Hacked File Timestamps 4 51
APEX (Application Express) is used to develop a web application from Oracle. SQL Workshop is one of the tools that comes with Oracle APEX to query or modify the database objects or to make any changes to the structure.
Entity Framework is a powerful tool to help you interact with the DataBase but still doesn't help much when we have a Stored Procedure that returns more than one resultset. The solution takes some of out-of-the-box thinking; read on!
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Video by: Steve
Using examples as well as descriptions, step through each of the common simple join types, explaining differences in syntax, differences in expected outputs and showing how the queries run along with the actual outputs based upon a simple set of dem…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now