CAS and Active Directory Password Expiration

Rob Wiltbank chade at dtcc.edu
Thu Jul 26 08:21:50 EDT 2007 

That number is always stored as a negative number that's in 
100-nanosecond intervals.  To convert to days, you take the absolutely 
value of that negative number, multiply by 0.0000001, then divide by 
86400 (number of seconds in a day).

It took me a long time to figure that out, so I figured I'd pass it 
along here, in case anyone wants to be brave and venture forth with that 
task. =)

Rob

Smith, Matt wrote:
> My recollection from a bunch of Perl/LDAP I wrote against AD a lifetime
> ago is that getting this from LDAP is painful.  First, "Password
> Expiration" is not stored with each user object.  Instead, you must
> access the "Password last changed" attribute, then adjust this by your
> domain's password expiration policy.
> 
> To make life more fun, the "Password Last Changed" value is not an
> ordinary timestamp, but rather is encoded using the "LargeInteger"
> syntax (search for "FileTime"), which is an 8-byte string representing
> the number of 100-nanosecond increments from 1/1/1601.  Thankfully, this
> means I can expire the passwords of the early European settlers of
> America.
> 
> It can be done, but it ain't fun.
> HTH,
> -Matt
> -----Original Message-----
> From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu]
> On Behalf Of Velpi
> Sent: Wednesday, July 25, 2007 4:59 PM
> To: Yale CAS mailing list
> Subject: Re: CAS and Active Directory Password Expiration
> 
>> I'm not familiar with AD's password expiration settings.  What's 
>> supposed to happen if the password is expired?
> 
> I'm not entirely sure, but I always thought it was just another 
> attribute that can be checked from the LDAP interface. (If that is 
> true,) it fits perfectly in this topic: 
> http://www.ja-sig.org/wiki/display/CAS/Expired+Password+Integration
> 
> -- Velpi
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
> 
> !DSPAM:46a7e198301371115719166!
> 
> 
>

More information about the cas mailing list