ldap-scripts

password expiration calculation

Open gildasfleury-pro opened this issue 3 years ago • 3 comments

It seems that the calculation for the mail sent before "password expiration" is wrong in this script. I modified it as below:

sending a mail to advise user to change its password

               # Ajusts time with delay
               WARNING_DELAY=`expr ${expireTime} - ${MY_MAIL_DELAY}`
               if [[ ${diffTime} -lt ${pwdMaxAge} && ${currentTime} -gt ${WARNING_DELAY} ]]; then

Created a new category: a password change date but no policy applied. This could probably occur when a user changed its policy. Here the default policy does not manage pwdmaxage, so the password will never expire (whereas the user's password is wrongly raised as expired). To be adapted according to each default policy configuration and pwdmaxage value.

        # Go to next entry if pwdchangedtime BUT no passwordpolicy
        if [ "${pwdChangedTime}" -a ! "${pwdPolicySubentry}" ]; then
                echo "${MY_LOG_HEADER} well a password change date for ${login} but no password policy" >&2
                continue
        fi

gildasfleury-pro avatar Aug 18 '22 08:08 gildasfleury-pro

Hard to see what you really changed, could you provide a pull request or a diff?

coudot avatar Aug 18 '22 08:08 coudot

Arg, I'm not allowed to clone the project from GitHub from Enterprise. "# Ajusts time with delay" is already present in the original script, I just changed the condition by these lines.

gildasfleury-pro avatar Aug 18 '22 09:08 gildasfleury-pro

Ok, the check may indeed be wrong, I wonder why this has not been reported earlier. I need to test it before changing the code.

coudot avatar Aug 18 '22 10:08 coudot
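A way to exercise the proposed condition at its boundaries, as an added example that is not code from this issue or from ldap-scripts. It reuses the variable names from the first comment; the function names, the category labels, the `expired` branch and the sample values are assumptions made for illustration, and times are passed as epoch seconds.

```bash
#!/usr/bin/env bash
# Added example: not part of ldap-scripts. Function names and labels are hypothetical.

# Hypothetical helper: LDAP generalized time (e.g. 20220818080000Z) to epoch seconds.
# Assumes GNU date and a UTC ("Z") timestamp.
gentime_to_epoch() {
    local t=$1
    date -u -d "${t:0:4}-${t:4:2}-${t:6:2} ${t:8:2}:${t:10:2}:${t:12:2}" +%s
}

# classify_entry CHANGED_EPOCH PWD_MAX_AGE MAIL_DELAY NOW_EPOCH POLICY_DN
# Prints one of: skip-no-change-time, skip-no-policy, never-expires, ok, warn, expired
classify_entry() {
    local pwdChangedTime=$1 pwdMaxAge=$2 MY_MAIL_DELAY=$3 currentTime=$4
    local pwdPolicySubentry=$5

    if [ -z "${pwdChangedTime}" ]; then echo skip-no-change-time; return; fi
    # Category from the issue: a change date exists but no policy is set on the entry.
    if [ -z "${pwdPolicySubentry}" ]; then echo skip-no-policy; return; fi
    # ppolicy: an absent or zero pwdMaxAge means the password does not expire.
    if [ -z "${pwdMaxAge}" ] || [ "${pwdMaxAge}" -eq 0 ]; then
        echo never-expires; return
    fi

    local diffTime=$(( currentTime - pwdChangedTime ))
    local expireTime=$(( pwdChangedTime + pwdMaxAge ))
    local WARNING_DELAY=$(( expireTime - MY_MAIL_DELAY ))

    if [ "${diffTime}" -ge "${pwdMaxAge}" ]; then
        echo expired   # assumption: complement of the diffTime test in the issue
    elif [ "${currentTime}" -gt "${WARNING_DELAY}" ]; then
        echo warn      # diffTime < pwdMaxAge && currentTime > expireTime - delay
    else
        echo ok
    fi
}

# Constructed values: changed at t=1000000, 90-day max age, 14-day mail delay,
# checked one second after the warning window opens.
classify_entry 1000000 7776000 1209600 7566401 "cn=default,ou=policies,dc=example,dc=com"
# prints: warn
```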