[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How to force password change upon account creation

To: openldap-technical@openldap.org
Subject: Re: How to force password change upon account creation
From: Dieter KlÃnter <dieter@dkluenter.de>
Date: Mon, 24 Dec 2012 10:22:43 +0100
In-reply-to: <CAO5ZC7FdGmzYD-Uaodx2CZZh5K-4yo9=b7GYxDDBj=S9s8RvUQ@mail.gmail.com>
Organization: AVCI
References: <CAO5ZC7FdGmzYD-Uaodx2CZZh5K-4yo9=b7GYxDDBj=S9s8RvUQ@mail.gmail.com>

Am Sun, 23 Dec 2012 17:33:38 -0600
schrieb Kyle Harris <kyle@theharrishome.com>:

> Hello All,
> 
> I have a perl script that allows for the creation of new accounts in
> OpenLDAP.  I am attempting to find a way to force the newly created
> user to change his or her password upon first login.  I tried setting
> the attribute pwdMustChange to TRUE but that attribute must not be
> definable upon user creation.  So, how can this be accomplished so
> that a new user is forced to change passwords after they first log on?

In your perlscript you may include Net::LDAP::Extension::SetPassword in
order to create a random password, and second you should define and
create a password policy entry that contains all relevant attribute
types. See man slapo-ppolicy(5).

-Dieter

-- 
Dieter KlÃnter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53Â37'09,95"N
10Â08'02,42"E

References:
- How to force password change upon account creation
  - From: Kyle Harris <kyle@theharrishome.com>

Prev by Date: Re: How to force password change upon account creation
Next by Date: Admin user has two passwords
Index(es):
- Chronological
- Thread