Joey
May 6, 2008, 6:25:02 PM
to openldap
Hi, I've got openldap installed and running using the ppolicy schema.
I created an ldif file with a bunch of user accounts, then imported
them into the data banks.
I've configured several linux (FC) clients to authenticate using
pam_ldap.so. I've installed phpldapadmin to manage the LDAP
directory.
The accounts I've imported from an LDIF file have their passwords
marked as 'expired' and thus, when a user logs into a system for the
first time, they get the following desired behavior:
ssh -l testuser myhost
testuser@myhost's password:
You are required to change your LDAP password immediately.
Creating directory '/home/testuser'.
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user testuser.
Enter login(LDAP) password:
yada yada.
However, if I create a user using phpldapadmin, they get logged right
in using the correct password. If I then try to require a password
reset like so:
dn: cn=Test User,ou=People,dc=example,dc=com
changetype: modify
replace: pwdReset
pwdReset: TRUE
Then they get the following when trying to login via ssh:
testuser@myhost's password:
Change After Reset
Connection closed by myhost
Can someone tell me how I can expire accounts the way they're expired
when I import them from an LDIF file? It would be most appreciated.
Thanks.
--joey
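An added example, not part of Joey's post, that classifies user entries by the ppolicy attributes the post touches on: pwdReset, and pwdChangedTime measured against a policy's pwdMaxAge. The sample entries, the 90-day policy value and the as-of date are all constructed; an entry with no pwdChangedTime is reported as unknown rather than guessed at, since that case is not settled here.

```python
"""Audit ppolicy password state for LDAP user entries (added example)."""
from datetime import datetime, timedelta, timezone

# LDAP GeneralizedTime as OpenLDAP writes it, e.g. 20080506182502Z (always UTC).
GENERALIZED_TIME = "%Y%m%d%H%M%SZ"


def parse_generalized_time(value: str) -> datetime:
    """Parse a UTC LDAP GeneralizedTime value into an aware datetime."""
    return datetime.strptime(value, GENERALIZED_TIME).replace(tzinfo=timezone.utc)


def password_state(entry: dict, pwd_max_age: int, now: datetime) -> str:
    """Classify one user entry against a policy with pwdMaxAge seconds.

    Returns one of:
      'must-change' - pwdReset is TRUE (change required after an admin reset)
      'expired'     - pwdChangedTime + pwdMaxAge lies in the past
      'ok'          - password is current, or the policy never expires it
      'unknown-age' - no pwdChangedTime on the entry; not decided here
    """
    if entry.get("pwdReset", "FALSE").upper() == "TRUE":
        return "must-change"
    changed = entry.get("pwdChangedTime")
    if changed is None:
        return "unknown-age"
    if pwd_max_age <= 0:  # slapo-ppolicy: zero or absent pwdMaxAge means no expiry
        return "ok"
    expires_at = parse_generalized_time(changed) + timedelta(seconds=pwd_max_age)
    return "expired" if expires_at <= now else "ok"


# Constructed sample entries; DNs and timestamps are not from the original post.
SAMPLE_ENTRIES = {
    "cn=Imported User,ou=People,dc=example,dc=com": {"pwdChangedTime": "20070101000000Z"},
    "cn=Test User,ou=People,dc=example,dc=com": {"pwdChangedTime": "20080505120000Z",
                                                 "pwdReset": "TRUE"},
    "cn=Fresh User,ou=People,dc=example,dc=com": {"pwdChangedTime": "20080505120000Z"},
}
POLICY_PWD_MAX_AGE = 90 * 24 * 3600  # constructed policy value: 90 days
AS_OF = datetime(2008, 5, 6, 18, 25, 2, tzinfo=timezone.utc)  # constructed as-of time


def audit(entries=SAMPLE_ENTRIES, pwd_max_age=POLICY_PWD_MAX_AGE, now=AS_OF) -> dict:
    """Map each DN to its password state so the result can be reviewed or logged."""
    return {dn: password_state(attrs, pwd_max_age, now) for dn, attrs in entries.items()}


if __name__ == "__main__":
    for dn, state in audit().items():
        print(f"{state:12} {dn}")
```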