[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Can't modify pwdChangedTime as "admin"



Thanks for that good pointer Dieter.
Although it will force the user to change his password I'm not sure this will do the trick in our case. We have a custom passwd script that keeps both ldap and nis in sync. With the above I believe the Nis password won't be updated.

So is there a way to actually update the pwdChangedTime? (Even out of pure curiosity)

Thanks


On Aug 17, 2016 11:38, "Dieter Klünter" <dieter@dkluenter.de> wrote:
Am Wed, 17 Aug 2016 10:46:58 +0200
schrieb "PenguinWhispererThe ." <th3penguinwhisperer@gmail.com>:

> Hi all,
>
> I've noticed that after a password reset pwdChangedTime gets updated.
>
> This is fine. We do have a policy in place that doesn't let you
> modify your password again within a few days.
>
> I'd like to reset/change this pwdChangedTime so the user can reset his
> password himself after logging in with the supplied password. However
> deleting/modifying pwdChangedTime doesn't work.
>
> How should I resolve this?
> I'm pretty sure this is not an ACL issue as my user matches the first
> entry and is allowed to write all.
>
> I've seen some docs from IBM about removing pwdChangedTime being
> possible but that might not apply to openldap.
>
man slapo-ppolicy(5), read carefully the comments on pwdReset.

-Dieter

--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E