ldap

ldapmodify

set password expiry on all ldap accounts

$ echo "changetype: modify
add: objectClass
objectClass: shadowAccount
-
add: shadowMin
shadowMin: 1
-
add: shadowMax
shadowMax: 60
-
add: shadowWarning
shadowWarning: 10
-
add: shadowInactive
shadowInactive: 0
-
add: shadowLastChange
shadowLastChange: 1766" > contentdiff

PPolicy

Get ldap policies

Assuming you have your policies stored beneath ou=Policies you can run something like this:

/usr/bin/ldapsearch -LLL -H ldap://localhost:389 -x -D "uid=myUSER,ou=users,dc=fany,dc=path" -W -s one -b "ou=Policies,dc=fany,dc=path"

Get list of historical pwd hashes

/usr/bin/ldapsearch -LLL -H ldap://localhost:389 -x -D "uid=myUSER,ou=users,dc=fancy,dc=path" -W -s base -b "uid=SearchForUser,ou=users,dc=fancy,dc=path" pwdHistory