I am running openldap 2.3.43.el5 on RHEL 5.3 I am trying to find a simple command that will tell you when the password for an ldap user will expire, any help would be greatly appreciated.This would be an equivalent of chage -l (for local linux accounts.
I have just managed to change the pwdmaxAge attribute in our environment and need a definite way to check if the change has taken effect (not just by querying the atribute pwdMaxAge with ldapsearch
Help Please ?
Best Answer
There isn't one. The only thing that can help you is the operational attribute
pwdChangedTime, which you can see vialdapsearch. When this gets older thanpwdMaxAgein the password policy, the password expires. The only way to test it exactly is to wait out the expiration periond.