So you have maximumPasswordAgeDays
configured already and want to report when the expiration will occur for each operator?
Exact. Last expiration was during my vacation, bad luck for my colleagues
Hm. I thought I made some progress with Session Relevance to get the maximum password age:
(name of it, value of it | "none") of bes deployment options
with results like
maximumPasswordAgeDays, 720
passwordComplexityDescription, ( Passwords must contain 8 characters or more, both uppercase and lowercase letters, and at least 1 digit. )
passwordComplexityRegex, ( (?=.*[[:lower:]])(?=.*[[:upper:]])(?=.*[[:digit:]]).{8,} )
But, after getting the maximumPasswordAgeDays, I haven’t found a ‘bes user’ property or even a REST API call that will retrieve the operators’ last password change time.
So far I’ve managed to build a SQL query that retrieves them, though, if this helps at all.
select username
, PasswordLastChanged
, MaxPasswordAge
, DATEADD(day, CAST(MaxPasswordAge as int), PasswordLastChanged) as PasswordExpirationTime
FROM
(SELECT userinfo.username as username
, userinfo.PasswordLastChanged as PasswordLastChanged
, (
SELECT adminfield.FieldContents AS MaxPasswordAge from [BFEnterprise].[dbo].[ADMINFIELDS] as adminfield
WHERE adminfield.FieldName='Z:maximumPasswordAgeDays'
) as MaxPasswordAge
FROM bfenterprise.dbo.USERINFO as userinfo
where userinfo.ldapID is NULL
) AS test
Results sample
username |
PasswordLastChanged |
MaxPasswordAge |
PasswordExpirationTime |
mo |
2023-01-06 02:31:12.190 |
720 |
2024-12-26 02:31:12.190 |
bfc |
2023-02-02 18:42:51.453 |
720 |
2025-01-22 18:42:51.453 |
bfi_service |
2023-02-02 18:51:21.810 |
720 |
2025-01-22 18:51:21.810 |
1 Like
Oh, seems to be more tricky than expected. As a first step, SQL statement is pretty helpful, thanks very much.
I assume posting an idea / RFE to add this feature might be helpful for the future. Usually I prefer LDAP authenticated users of course but in some cases a local operator makes sense in my opinion.
1 Like