[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Tips when implementing password policies



On Wednesday, 24 March 2010 03:37:15 Chris Jacobs wrote:
> Okay, it says:
> "If pwdChangedTime does not exist, the user's password will not expire."
> 
> How have you guys dealt with this?

Just reset the passwords the current values, with something along the lines 
of:

ldapsearch -x -D $rootdn -W -L "(&(objectclass=posixAccount)(!
(pwdChangedTime=*)))" userPassword|ldapmodify

> I suspect that just asking people to
>  please change their passwords so we can make sure they expire will result
>  in a low turn-out rate. :p

Depending on how your users access the directory, setting pwdReset to TRUE may 
be an alternative.


Regards,
Buchan