我正在尝试编写一个ldap过滤器,它将检索以下用户:
person
类别user
他们必须更改密码:
这样,我可以看到密码即将过期的用户以及今天更改密码的用户。
我已经能够通过此过滤器获得过期用户
$"(&(objectCategory=person)(objectClass=user)(pwdLastSet>={DateTime.Today.AddDays(-80).ToFileTime()})(pwdLastSet<={DateTime.Today.AddDays(-90).ToFileTime()})(!userAccountControl:1.2.840.113556.1.4.803:=2))"
但是当我尝试包含今天更改密码的用户
时$"(&(objectCategory=person)(objectClass=user)(|(&(pwdLastSet>={DateTime.Today.AddDays(-80).ToFileTime()})(pwdLastSet<={DateTime.Today.AddDays(-90).ToFileTime()}))(&(pwdLastSet<={DateTime.Today.ToFileTime()})(pwdLastSet>={DateTime.Today.AddDays(-1).ToFileTime()})))(!userAccountControl:1.2.840.113556.1.4.803:=2))";
我仅让今天设置密码的用户。
任何人都可以指向正确的方向或提供构建此类过滤器的一般提示(即在单个过滤器中指定2个日期范围)来帮助我吗?
答案 0 :(得分:0)
我设法使我的过滤器工作,同时重新安排代码以使其更具可读性(我认为):
private static string objPersonFilter = "objectCategory=person";
private static string classUserFilter = "objectClass=user";
private static string AccountEnabledFilter = "!userAccountControl:1.2.840.113556.1.4.803:=2";
private static string pwdExpiringMinimum = $"pwdLastSet<={DateTime.Today.AddDays(-80).ToFileTime()}";
private static string pwdExpiringMaximum = $"pwdLastSet>={DateTime.Today.AddDays(-90).ToFileTime()}";
private static string pwdChangedToday = $"pwdLastSet>={DateTime.Today.ToFileTime()}";
private string expiringPasswordFilter =
$"(&({objPersonFilter})({classUserFilter})({AccountEnabledFilter})(|({pwdChangedToday})(&({pwdExpiringMinimum})({pwdExpiringMaximum}))))";