Problem Requiring Password Changes


Joey

May 6, 2008, 6:25:02 PM
to openldap
Hi, I've got openldap installed and running using the ppolicy schema.
I created an ldif file with a bunch of user accounts, then imported
them into the data banks.

I've configured several Linux (FC) clients to authenticate using
pam_ldap.so. I've installed phpldapadmin to manage the LDAP
directory.

The accounts I've imported from an LDIF file have their passwords
marked as 'expired' and thus, when a user logs into a system for the
first time, they get the following desired behavior:


ssh -l testuser myhost
testuser@myhost's password:
You are required to change your LDAP password immediately.
Creating directory '/home/testuser'.
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user testuser.
Enter login(LDAP) password:

yada yada.

However, if I create a user using phpldapadmin, they get logged right
in using the correct password. If I then try to require a password
reset like so:

dn: cn=Test User,ou=People,dc=example,dc=com
changetype: modify
replace: pwdReset
pwdReset: TRUE

Then they get the following when trying to login via ssh:

testuser@myhost's password:
Change After Reset
Connection closed by myhost

Can someone tell me how I can expire accounts the way they're expired
when I import them from an ldif file? It would be most appreciated.
Thanks.


--joey


