Solved

LDAP find expired users

Posted on 2016-09-21
8
93 Views
Last Modified: 2016-11-02
Hi all,
I'm working on a Captive Portal server and I should find via shell all expired users and delete them.
I try with ldapsearch -x shadowExpire=<DateConvertedInEpoch>
example expire date 20/09/2016:
ldapsearch -x shadowExpire=17064
it's fine working for that absolute date, but how can I do if I should search all users expired until 20/09/2016?
Thanks a lot
0
Comment
Question by:Claudio Pisciottano
  • 4
  • 3
8 Comments
 
LVL 20

Expert Comment

by:netcmh
ID: 41808942
ldapsearch -x shadowExpire<=17064
0
 
LVL 1

Author Comment

by:Claudio Pisciottano
ID: 41809038
Thank you for your reply, but

root@xxx /> ldapsearch -x shadowExpire<=17064
bash: =17064: No such file or directory
0
 
LVL 20

Expert Comment

by:netcmh
ID: 41810527
ldapsearch -x '((objectclass=shadowaccount)(shadowexpire<=17064))'
0
Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

 
LVL 1

Author Comment

by:Claudio Pisciottano
ID: 41810584
Hi netcmh and thank you for your reply and interest, but I've another type of error

root@xxx /> ldapsearch -x '((objectclass=shadowaccount)(shadowexpire=17064))'
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: ((objectclass=shadowaccount)(shadowexpire=17064))
# requesting: ALL
#
ldapsearch: ldap_search_ext: Bad search filter (-7)
root@xxx />
0
 
LVL 20

Accepted Solution

by:
netcmh earned 500 total points
ID: 41810602
I don't have ldapsearch installed on this computer, and am doing this off the top of my head:

try

ldapsearch -v -x ‘(&(shadowexpire<=17064))’
0
 
LVL 1

Author Comment

by:Claudio Pisciottano
ID: 41810696
Ok, with this command I've not an error, so it's seems good, but I've not my goal.

root@xxx /> ldapsearch -v -x '(&(shadowExpire<=17094))'
ldap_initialize( <DEFAULT> )
filter: (&(shadowExpire<=17094))
requesting: ALL
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (&(shadowExpire<=17094))
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1
root@xxx />

But if I write:

root@xxx /> ldapsearch -v -x '(&(shadowExpire=17084))'
ldap_initialize( <DEFAULT> )
filter: (&(shadowExpire=17084))
requesting: ALL
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (&(shadowExpire=17084))
# requesting: ALL
#

# john, People, mycompany.local
dn: uid=john,ou=People,dc=mycompany,dc=local
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: organizationalPerson
cn: ?
description: ?
displayName: ?
o: ?
uidNumber: 2
gidNumber: 65534
homeDirectory: /home/john
loginShell: /bin/sh
ownerUser: admin
sessions: 0
loginRemote: ?
givenName: john
sn: doe
mail: john.doe@company.com
telephoneNumber:
gecos: ?
shadowExpire: 17084
hidden: no
roomName: ?
MCpInterfaces: ?
maxDays: ?
class: BUSINESS
uid: john
validity: yes

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
root@xxx />
0
 
LVL 20

Assisted Solution

by:netcmh
netcmh earned 500 total points
ID: 41810724
Can you try this, please?

ldapsearch -v -x '(&(shadowExpire=0)(shadowExpire=17084))'

ldapsearch -v -x '(&(shadowExpire>1)'
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

APEX (Application Express) is used to develop a web application from Oracle. SQL Workshop is one of the tools that comes with Oracle APEX to query or modify the database objects or to make any changes to the structure.
I annotated my article on ransomware somewhat extensively, but I keep adding new references and wanted to put a link to the reference library.  Despite all the reference tools I have on hand, it was not easy to find a way to do this easily. I finall…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question