[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Tips when implementing password policies

To: openldap-technical@openldap.org
Subject: Re: Tips when implementing password policies
From: Buchan Milne <bgmilne@staff.telkomsa.net>
Date: Wed, 24 Mar 2010 08:45:05 +0100
Cc: Chris Jacobs <Chris.Jacobs@apollogrp.edu>
In-reply-to: <6C447584419BFE4E83D46E88F81314862FAEA762E8@EXCH07-05.apollogrp.edu>
References: <6C447584419BFE4E83D46E88F81314862FAEA762E8@EXCH07-05.apollogrp.edu>
User-agent: KMail/1.12.2 (Linux/2.6.31.12-desktop-1mnb; KDE/4.3.2; x86_64; ; )

On Wednesday, 24 March 2010 03:37:15 Chris Jacobs wrote:
> Okay, it says:
> "If pwdChangedTime does not exist, the user's password will not expire."
> 
> How have you guys dealt with this?

Just reset the passwords the current values, with something along the lines 
of:

ldapsearch -x -D $rootdn -W -L "(&(objectclass=posixAccount)(!
(pwdChangedTime=*)))" userPassword|ldapmodify

> I suspect that just asking people to
>  please change their passwords so we can make sure they expire will result
>  in a low turn-out rate. :p

Depending on how your users access the directory, setting pwdReset to TRUE may 
be an alternative.


Regards,
Buchan

References:
- Re: Tips when implementing password policies
  - From: Chris Jacobs <Chris.Jacobs@apollogrp.edu>

Prev by Date: Pre-requisites to enable SSL/TLS in OpenLDAP 2.4
Next by Date: Re: Problem with getent passwd
Index(es):
- Chronological
- Thread