Link to home
Create AccountLog in
Avatar of Claudio Pisciottano
Claudio PisciottanoFlag for Italy

asked on

LDAP find expired users

Hi all,
I'm working on a Captive Portal server and I should find via shell all expired users and delete them.
I try with ldapsearch -x shadowExpire=<DateConvertedInEpoch>
example expire date 20/09/2016:
ldapsearch -x shadowExpire=17064
it's fine working for that absolute date, but how can I do if I should search all users expired until 20/09/2016?
Thanks a lot
Avatar of netcmh
netcmh
Flag of United States of America image

ldapsearch -x shadowExpire<=17064
Avatar of Claudio Pisciottano

ASKER

Thank you for your reply, but

root@xxx /> ldapsearch -x shadowExpire<=17064
bash: =17064: No such file or directory
ldapsearch -x '((objectclass=shadowaccount)(shadowexpire<=17064))'
Hi netcmh and thank you for your reply and interest, but I've another type of error

root@xxx /> ldapsearch -x '((objectclass=shadowaccount)(shadowexpire=17064))'
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: ((objectclass=shadowaccount)(shadowexpire=17064))
# requesting: ALL
#
ldapsearch: ldap_search_ext: Bad search filter (-7)
root@xxx />
ASKER CERTIFIED SOLUTION
Avatar of netcmh
netcmh
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Ok, with this command I've not an error, so it's seems good, but I've not my goal.

root@xxx /> ldapsearch -v -x '(&(shadowExpire<=17094))'
ldap_initialize( <DEFAULT> )
filter: (&(shadowExpire<=17094))
requesting: ALL
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (&(shadowExpire<=17094))
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1
root@xxx />

But if I write:

root@xxx /> ldapsearch -v -x '(&(shadowExpire=17084))'
ldap_initialize( <DEFAULT> )
filter: (&(shadowExpire=17084))
requesting: ALL
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (&(shadowExpire=17084))
# requesting: ALL
#

# john, People, mycompany.local
dn: uid=john,ou=People,dc=mycompany,dc=local
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: organizationalPerson
cn: ?
description: ?
displayName: ?
o: ?
uidNumber: 2
gidNumber: 65534
homeDirectory: /home/john
loginShell: /bin/sh
ownerUser: admin
sessions: 0
loginRemote: ?
givenName: john
sn: doe
mail: john.doe@company.com
telephoneNumber:
gecos: ?
shadowExpire: 17084
hidden: no
roomName: ?
MCpInterfaces: ?
maxDays: ?
class: BUSINESS
uid: john
validity: yes

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
root@xxx />
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.