Can we get the CA Directory's operational attribute using an ldapsearch command?
The operational attributes contained in an entry can be returned by ldapsearch by:
Explicitly listing them
ldapsearch -x -h host:port -b c=au "(oc=*)" createTimestamp modifyTimestamp
Or by returning all of them with the special + character
ldapsearch -x -h host:port -b c=au "(oc=*)" +
Or all attributes including operational attributes can be returned by including "*" +
ldapsearch -x -h host:port -b c=au "(oc=*)" "*" +
Hope that helps!
I would expect to also see attributes like:
However, they do not appear.
What am I missing?
Password policy attributes are treated as operational attributes, that is, maintained by the DSA and not externally. These should appear when using the suggestions above. For example,
ldapsearch -x -h host:port -b ou=users,o=ca,c=au "(cn=justin)" +
# extended LDIF
#
# LDAPv3
# base <ou=users,o=ca,c=au> with scope subtree
# filter: (cn=justin)
# requesting: +
#

# justin, users, ca, au
dn: cn=justin,ou=users,o=ca,c=au
createTimestamp: 20160824233907.402Z
modifyTimestamp: 20160824233917.588Z
dxPwdLastChange: 20160824233917.588Z
dxPwdLoginTime: 20160824233917.588Z
dxPwdMustChange: TRUE

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
My only other thought if they aren't returned is if password policy isn't enabled, or password policy has been recently enabled and the entries being retrieved haven't been used/updated.
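An added example, not part of the thread and not CA Directory code: a small Python parser for the LDIF that ldapsearch prints, reporting per entry which of the password policy attributes from the sample output above came back and which did not. The function names and the second sample entry are assumptions made for illustration; the parser also handles folded lines and base64 (`attr::`) values.

```python
import base64

# Password policy attribute names taken from the sample output in the thread.
PWD_ATTRS = ("dxPwdLastChange", "dxPwdLoginTime", "dxPwdMustChange")

def parse_ldif(text):
    """Parse ldapsearch LDIF output into a list of {attribute: [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], None
    for line in lines:
        if not line.strip():                # blank line ends the current entry
            current = None
        elif line.startswith("#") or ":" not in line:
            continue                        # comment or non-attribute line
        else:
            name, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: <base64>" form
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            value = value.strip()
            if name.lower() == "dn":
                current = {"dn": [value]}
                entries.append(current)
            elif current is not None:       # skips the "search:"/"result:" trailer
                current.setdefault(name, []).append(value)
    return entries

def policy_report(entries):
    """For each DN, list which password policy attributes came back and which did not."""
    return {e["dn"][0]: {"present": [a for a in PWD_ATTRS if a in e],
                         "missing": [a for a in PWD_ATTRS if a not in e]}
            for e in entries}

# Constructed sample: first entry mirrors the thread's output, second is hypothetical.
SAMPLE = """\
dn: cn=justin,ou=users,o=ca,c=au
createTimestamp: 20160824233907.402Z
dxPwdLastChange: 20160824233917.588Z
dxPwdLoginTime: 20160824233917.588Z
dxPwdMustChange: TRUE

dn: cn=example,ou=users,o=ca,c=au
createTimestamp: 20160824233907.402Z

result: 0 Success
"""
```

Entries that list all three attributes under "missing" match the cases described in the reply above: password policy not enabled, or the entry not used or updated since it was enabled.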