LDAP find expired users

Claudio Pisciottano
Claudio Pisciottano used Ask the Experts™
on
Hi all,
I'm working on a Captive Portal server and I should find via shell all expired users and delete them.
I try with ldapsearch -x shadowExpire=<DateConvertedInEpoch>
example expire date 20/09/2016:
ldapsearch -x shadowExpire=17064
it's fine working for that absolute date, but how can I do if I should search all users expired until 20/09/2016?
Thanks a lot
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
ldapsearch -x shadowExpire<=17064
Claudio PisciottanoNetwork "something"

Author

Commented:
Thank you for your reply, but

root@xxx /> ldapsearch -x shadowExpire<=17064
bash: =17064: No such file or directory
ldapsearch -x '((objectclass=shadowaccount)(shadowexpire<=17064))'
Claudio PisciottanoNetwork "something"

Author

Commented:
Hi netcmh and thank you for your reply and interest, but I've another type of error

root@xxx /> ldapsearch -x '((objectclass=shadowaccount)(shadowexpire=17064))'
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: ((objectclass=shadowaccount)(shadowexpire=17064))
# requesting: ALL
#
ldapsearch: ldap_search_ext: Bad search filter (-7)
root@xxx />
I don't have ldapsearch installed on this computer, and am doing this off the top of my head:

try

ldapsearch -v -x ‘(&(shadowexpire<=17064))’
Claudio PisciottanoNetwork "something"

Author

Commented:
Ok, with this command I've not an error, so it's seems good, but I've not my goal.

root@xxx /> ldapsearch -v -x '(&(shadowExpire<=17094))'
ldap_initialize( <DEFAULT> )
filter: (&(shadowExpire<=17094))
requesting: ALL
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (&(shadowExpire<=17094))
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1
root@xxx />

But if I write:

root@xxx /> ldapsearch -v -x '(&(shadowExpire=17084))'
ldap_initialize( <DEFAULT> )
filter: (&(shadowExpire=17084))
requesting: ALL
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (&(shadowExpire=17084))
# requesting: ALL
#

# john, People, mycompany.local
dn: uid=john,ou=People,dc=mycompany,dc=local
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: organizationalPerson
cn: ?
description: ?
displayName: ?
o: ?
uidNumber: 2
gidNumber: 65534
homeDirectory: /home/john
loginShell: /bin/sh
ownerUser: admin
sessions: 0
loginRemote: ?
givenName: john
sn: doe
mail: john.doe@company.com
telephoneNumber:
gecos: ?
shadowExpire: 17084
hidden: no
roomName: ?
MCpInterfaces: ?
maxDays: ?
class: BUSINESS
uid: john
validity: yes

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
root@xxx />
Can you try this, please?

ldapsearch -v -x '(&(shadowExpire=0)(shadowExpire=17084))'

ldapsearch -v -x '(&(shadowExpire>1)'

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial