In order to filter LDAP entries by some date attribute (e.g.: accountExpires, lastLogon, pwdLastSet etc.) one may need to use the current date. Such a dynamic value may be nicely set with Token API.

In particular this functionality would become handy during the LDAP synchronization process in order, for instance, to block expired accounts.

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

encelado’s picture

Status: Active » Needs review
FileSize
2.79 KB

This patch allows to set in the ldapsync module configuration an LDAP query like:

(&(objectClass=person)(|(accountExpires=0)(accountExpires>=[current-date])))

The [current-date] token will be replaced at runtime with the current timestamp in the proper format. In the shown case, the resulting filter will retrieve all persons whose account is currently active.