Sun One Directory Server

Status
Not open for further replies.

xenia123

Technical User
Dec 6, 2005
25
SE
Hi

I'm administering a directory server 5.2. Now, I need to add some shadow attributes to each user (over 100 users; I wrote a script to modify these attributes). The problem is, I don't know which attributes must be added so that the password of each user must be changed at first logon, its maximum is 90 days, minimum is 30 days and the password should be inactive when the maximum password age has expired (after 90 days).

Can somebody help me?

Thank you in advance
xenia
 
Thanks for the link, bfitzmai.

I implemented all these things with the following entries, but nothing happened :(

objectclasses:
shadowAccount
top
posixAccount
account

shadow attributes:

shadowExpire is 3
shadowMax is 4
shadowMin is 1
shadowWarning is 1
shadowLastChange is 1

These are the flags listed in the shadow manual.. I'm not sure about LastChange.. should it be 0 or 1? I thought when shadowWarning is reached, there will be a prompt that asks me to change my password.. isn't it like this?

greets
xenia
 
The Last Changed entry should be the number of days between January 1st 1970 and the date of the last change... Should be a large number. The Expiration entry is based on January 1st 1970 also. Your best bet may be to set up a temp account using admintool or smc and set all the entries you want... Then look at the shadow file and see how the temp account entry is set up...
 
Thank you for the hint :) But is there a way, like a command, to get the number of days since January 1st 1970? If so, I could include it in my script to modify all user entries in the LDAP.. ? That would be very useful :)

regards
 
There has got to be... Try "man time"... I know the time command is based on the same January 1st 1970 date... But, I think it is in clock ticks since that date... I'll be at work in a little bit... Will look further into it.
 
I'm not so good at programming, but as far as I know, it is possible with Perl to get the Unix timestamp.

I searched Google and received many hits, but couldn't use any of them.. :(

thank you
xenia
 
This is a script called 1970 that I wrote for just this purpose :

Code:
#!/bin/ksh
#
# Print number of days since 01/01/1970.  Any parameter gives more
# verbose output.

[[ -x /usr/bin/nawk ]] && AWK=/usr/bin/nawk || AWK=/usr/bin/awk

date +"%j %Y" | $AWK -v VERBOSE=$1 '
{
        DAYOFYEAR=$1
        CURRENTYEAR=$2
        DAYS=-1 # Because it is not 1 day since 01/01/1970 until 02/01/1970.
        if (VERBOSE) { printf("%8s%8s%8s\n","Year","Days","Total") }
        for (YEAR=1970; YEAR < CURRENTYEAR; YEAR++) {
                if (YEAR % 4 == 0) {
                        if (YEAR % 100 == 0) {
                                if (YEAR % 400 == 0) {
                                        YEARDAYS=366
                                } else {
                                        YEARDAYS=365
                                }
                        } else {
                                YEARDAYS=366
                        }
                } else {
                        YEARDAYS=365
                }
                DAYS+=YEARDAYS
                if (VERBOSE) { printf("%8s%8d%8d\n",YEAR,YEARDAYS,DAYS) }
        }
        DAYS+=DAYOFYEAR
        if (VERBOSE) { printf("%8s%8d",YEAR,DAYOFYEAR) }
        printf("%8d\n",DAYS)
}
'

Annihilannic.
 
Hi Annihilannic

Thank you for the script. It runs perfectly. I included it in my script to modify the shadow attributes... My question now is, should the shadowinactive attribute be the number of days between January 1st 1970 and the day when the account will be inactive?

Thank you in advance
regards
 
Have a look at man shadow, it explains the field values quite clearly.

I normally use the passwd -n N -w N -x N username to modify these values rather than modifying /etc/shadow directly.

Annihilannic.
 
Hi

Thank you for the hints. I'm going to test this with an LDAP user.. I think that it will run :)

Wish you a nice X-mas and a happy new year

regards
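
The day arithmetic discussed in this thread, as an added example that is not part of any poster's message: it converts epoch seconds to the day count shadowLastChange expects, shows why the small values tried earlier (shadowLastChange 1, shadowMax 4) leave a password long expired, and prints an LDIF modify record. The DN, the 7-day warning and the sample timestamp are constructed, and `date +%s` support is an assumption about the local date command.

```shell
#!/bin/sh
# Added example (not from the thread). Field meanings follow shadow(5);
# confirm them with "man shadow" on the client platform.

# Days since 1970-01-01 UTC for an epoch-seconds value (default: now).
# Assumes a date(1) that supports +%s when no argument is given.
days_since_epoch() {
    secs=${1:-$(date +%s)}
    echo $(( secs / 86400 ))
}

# Days left before the password ages out: lastchange + max - today.
# A negative result means the password already counts as expired.
days_until_expiry() {
    echo $(( $1 + $2 - $3 ))
}

# Emit one LDIF modify record. Arguments: DN, lastchange, min, max, warning.
shadow_ldif() {
    cat <<EOF
dn: $1
changetype: modify
replace: shadowLastChange
shadowLastChange: $2
-
replace: shadowMin
shadowMin: $3
-
replace: shadowMax
shadowMax: $4
-
replace: shadowWarning
shadowWarning: $5

EOF
}

# Constructed sample: 1134000000 is 2005-12-08 00:00:00 UTC.
today=$(days_since_epoch 1134000000)    # 13125
echo "thread values (last=1, max=4): $(days_until_expiry 1 4 "$today") days left"
echo "last=today, max=90: $(days_until_expiry "$today" 90 "$today") days left"
# Hypothetical DN; 30 and 90 are the limits asked for in the first post,
# 7 is a constructed warning period.
shadow_ldif "uid=jdoe,ou=People,dc=example,dc=com" "$today" 30 90 7
```

The record can be reviewed before it is fed to the directory's LDIF modify tool, one record per user.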
 