Menu
▾
▴
Re: Active Directory
|
From: Chris R. <chr...@me...> - 2002-02-13 16:33:03
|
Jim Harle <ha...@us...> wrote: > The LDAP protocol doesn't know anything about large integers. I stronly > suspect that what you get back from perl's time() + other manipulations is > exactly what you want. In Novell-land, the equivalent looks like > 20011106120000Z. > --Jim Harle The syntax used by the attribute Jim describes is called GeneralizedTime; RFC 2256 refers you to X.680 for the formal definition of this type. If you break down time into different variables (years, months, etc) then it is pretty easy to construct a GeneralizedTime value. According to X.680 the three formats of GeneralizedTime are: yyyymmddHHMMSS[.s] or: yyyymmddHHMMSS[.s]Z or: yyyymmddHHMMSS[.s][+|-nnnn] where: [...] means optional s is fractional seconds (expire those accounts on the millisecond :-) nnnn is a timezone offset Z is a literal Z and you can probably guess the others. I'm not sure that's the same syntax that Al's accountExpires is using. > On Wed, 13 Feb 2002, Al Lilianstrom wrote: > >> I'm working with Active Directory manipulation from a Unix machine. >> We're going to have a centralized Oracle database feed my code to create >> accounts in AD. One of the items we want to set is the accountExpires >> field - esp for contractors. According to the schema this value is >> stored as a large integer that represents the number of seconds elapsed >> since 00:00:00, January 1, 1970. Cheers, Chris |
