password expiration calculation

[gildasfleury]

It seems that calculation for Mail sent before "password expiration" is wrong in this script. I modified as below

sending a mail to advise user to change its password

               # Ajusts time with delay
               WARNING_DELAY=`expr ${expireTime} - ${MY_MAIL_DELAY}`
               if [[ ${diffTime} -lt ${pwdMaxAge} && ${currentTime} -gt ${WARNING_DELAY} ]]; then

Created a new category, a password change date but no policy applied. Could occurred probably when a user changed its policy. Here the default policy does not manage pwdmaxage so password will never expired (whereas user's password is wrongly raised as expired). To be adapted according each default policy configuration and pwdmaxage value.

        # Go to next entry if pwdchangedtime BUT no passwordpolicy
        if [ "${pwdChangedTime}" -a ! "${pwdPolicySubentry}" ]; then
                echo "${MY_LOG_HEADER} well a password change date for ${login} but no password policy" >&2
                continue
        fi

[coudot]

Hard to see what you really changed, could you prove a pull request or a diff?

[gildasfleury]

Arg I'm not allowed to clone project from github from Enterprise.
"# Ajusts time with delay" is already present on original script, I just changed the condition by these lines.

[coudot]

Ok, the check may indeed be wrong, I wonder why this has not been reported earlier. I need to test it before changing the code.