All geek questions in one place

LDAP Password Expiration Days

I have a web application that uses Active Directory for authentication. I want to add a parameter that will notify users when their password is close to expiration. I managed to do something, but the problem is that the expiration days are negative (daysLeft parameter), but I can still log in.

string domainAndUsername = @"LDAP://ldapUrl";

DirectoryEntry root = new DirectoryEntry(ldapServer, userID, userPwd, AuthenticationTypes.Secure);
DirectorySearcher mySearcher = new DirectorySearcher(root);
SearchResultCollection results;

string filter = "maxPwdAge=*";
mySearcher.Filter = filter;

results = mySearcher.FindAll();

long maxDays = 0;
if (results.Count >= 1)
{
    Int64 maxPwdAge = (Int64)results[0].Properties["maxPwdAge"][0];
    maxDays = maxPwdAge / -864000000000;
}

mySearcher = new DirectorySearcher(root);
mySearcher.Filter = "(&(objectCategory=user)(samaccountname=" + userID + "))";

results = mySearcher.FindAll();
long daysLeft = 0;
if (results.Count >= 1)
{
    var lastChanged = results[0].Properties["pwdLastSet"][0];
    daysLeft = maxDays - DateTime.Today.Subtract(
        DateTime.FromFileTime((long)lastChanged)).Days;
}

Since the user was unable to log in if the account has expired, I assume that my error is to calculate the days remaining before the account expires ... but I can not find where it is located.

+4
source share
2 answers

, , pw, :

    public static void Main(string[] args)
    {
        const ulong dataFromAD = 0xFFFFE86D079B8000;
        var ticks = -unchecked((long)dataFromAD);
        var maxPwdAge = TimeSpan.FromTicks(ticks);

        var pwdLastSet = new DateTime(2015,12,16,9,19,13);

        var pwdDeadline = (pwdLastSet + maxPwdAge).Date;

        Console.WriteLine(pwdDeadline);

        Console.WriteLine(pwdDeadline - DateTime.Today);

        Console.ReadKey(true);
    }

, TimeSpan.FromTicks(-(long)results[0].Properties["maxPwdAge"][0]) DateTime.FromFileTime((long)results[0].Properties["pwdLastSet"][0]) , AD.

+1

, . , :

    private static DateTime? getPwdExpiration(string usuario)
    {
        DirectoryEntry searchGroup = new DirectoryEntry("LDAP://ldapUrl");
        DateTime? dt=null;
        foreach (DirectoryEntry user in searchGroup.Children)
        {
            if (user.InvokeGet("userPrincipalName") != null)
            {
                string username = user.InvokeGet("userPrincipalName").ToString();
                username = username.Substring(0, username.IndexOf('@'));
                if (username == usuario)
                {
                    if (user.InvokeGet("PasswordExpirationDate") != null)
                    {
                        dt = (DateTime)user.InvokeGet("PasswordExpirationDate");
                        if (dt.Value.CompareTo(new DateTime(1970,1,1))==0)
                        {
                            //Password never expires
                            dt = null;
                        }
                    }
                    break;
                }
            }
        }
        return dt;
    }

:

DateTime? expirationDate = getPwdExpiration(username);
0

Source: https://habr.com/ru/post/1623906/

More articles:


All Articles