0
I have a bash script to get days from AD since password was created. I need it to tell me the expiration date, which is last set date + 90 days
#!/bin/bash
pass="$(ldapsearch -Y GSSAPI -Q -H ldap:///dc%3Dant%2Cdc%3Dwork%2Cdc%3Dcom -b DC=ant,DC=work,DC=com -s sub cn=$1 | grep -Ew 'pwdLastSet:' | awk '{print $2}')"
epoch="$(((${pass}/10000000)-11644473600))"
pwdSet="$(date -d @${epoch})"
expires="$("${pwdSet}" --date +90+days)"
echo "pwdLastSet: "$pwdSet
echo "pwdExpires: "$expires
The line;
expires="$("${pwdSet}" --date +90+days)"
Is the problematic one
You know that's really not advised any more, to force password changes periodically. It makes users repeat simple patterns or write them down. Advisories from UK & US official bodies, from 3 years ago.
– Tetsujin – 2019-11-03T17:22:08.290Yeah, not my rules, I'm just looking to get some information – eekfonky – 2019-11-03T17:22:55.390
Yeah, people keep using that excuse - try telling the ones who make the rules that it's a really bad idea. – Tetsujin – 2019-11-03T17:24:09.603
A bit off topic, but sure, I'll get right on that – eekfonky – 2019-11-03T17:24:43.930
Excellent. Spread the word ;-)) – Tetsujin – 2019-11-03T17:26:33.943