At the risk of sounding like a nitwit (I suspect it may be too late for that - heh) - how?
I've tried an LDIF, and slapcat complains of key/data pairs existing - Apache Directory Studio reports LDAP: error code 19 - pwdChangedTime: no user modification allowed.
I suppose I /could/ dump the user branch, add the attribute, delete them from LDAP and re-add them via the LDIF - but that seems like using a sledgehammer to set a pin.
I /really/ appreciate everyone's input/help.
Thanks, - chris
-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@zimbra.com]
Sent: Tuesday, March 23, 2010 8:21 PM
To: Chris Jacobs; 'hyc@symas.com'
Cc: 'tgates81@gmail.com'; 'openldap-technical@openldap.org'
Subject: Re: Tips when implementing password policies

--On Tuesday, March 23, 2010 7:37 PM -0700 Chris Jacobs <Chris.Jacobs@apollogrp.edu> wrote:
Okay, it says: "If pwdChangedTime does not exist, the user's password will not expire."
How have you guys dealt with this? I suspect that just asking people to please change their passwords so we can make sure they expire will result in a low turn-out rate. :p
I also don't want people to just end up locked out either, if at all possible.
Thoughts?
Find all objects without that attribute, and add it. This will force all users who previously didn't have it to have to change their password once that expiration time is reached.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
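As an added example (not from this thread, nor OpenLDAP's own tooling), a small POSIX shell script that does what Quanah suggests: list the entries lacking pwdChangedTime, build an LDIF that adds it, and apply that LDIF with ldapmodify's Relax Rules control so slapd accepts a write to this NO-USER-MODIFICATION attribute instead of returning error 19. It assumes the bind DN has manage access and that slapd honours the relax control for pwdChangedTime; LDAP_URI, BIND_DN, BIND_PW and BASE_DN are placeholders, and the sample DNs are constructed.

```shell
#!/bin/sh
# Added example: give every entry lacking pwdChangedTime a value so that
# ppolicy's pwdMaxAge applies to those accounts. Assumptions (not from the
# thread): OpenLDAP client tools on PATH, a bind DN with "manage" access, and
# slapd accepting the Relax Rules control (-e relax) for this attribute.
# LDAP_URI/BIND_DN/BIND_PW/BASE_DN are placeholders the operator supplies.

# Turn a list of DNs (one per line on stdin) into LDIF modify records that add
# pwdChangedTime with the supplied GeneralizedTime stamp (e.g. 20100324000000Z).
make_pwdchanged_ldif() {
    stamp="$1"
    while IFS= read -r dn; do
        [ -n "$dn" ] || continue
        printf 'dn: %s\nchangetype: modify\nadd: pwdChangedTime\npwdChangedTime: %s\n\n' \
            "$dn" "$stamp"
    done
}

# Check a stamp has the YYYYMMDDHHMMSSZ shape ppolicy stores; non-zero otherwise.
is_generalized_time() {
    case "$1" in
        [0-9][0-9][0-9][0-9][0-1][0-9][0-3][0-9][0-2][0-9][0-5][0-9][0-5][0-9]Z) return 0 ;;
        *) return 1 ;;
    esac
}

# List DNs of person entries without pwdChangedTime. Only plain "dn:" lines are
# picked up; base64 ("dn::") or line-wrapped DNs would need extra handling.
find_missing() {
    ldapsearch -LLL -x -H "$LDAP_URI" -D "$BIND_DN" -w "$BIND_PW" -b "$BASE_DN" \
        '(&(objectClass=person)(!(pwdChangedTime=*)))' dn | sed -n 's/^dn: //p'
}

# Apply the LDIF with the Relax Rules control so slapd lets the operational
# attribute be written instead of answering "no user modification allowed".
apply_ldif() {
    ldapmodify -x -H "$LDAP_URI" -D "$BIND_DN" -w "$BIND_PW" -e relax -f "$1"
}

# Constructed sample input standing in for find_missing output.
SAMPLE_DNS='uid=alice,ou=People,dc=example,dc=com
uid=bob,ou=People,dc=example,dc=com'

# Stamping with "now" puts expiry pwdMaxAge seconds from today, so users get a
# full cycle to change their password rather than being locked out at once.
STAMP=$(date -u +%Y%m%d%H%M%SZ)
is_generalized_time "$STAMP" || exit 1
printf '%s\n' "$SAMPLE_DNS" | make_pwdchanged_ldif "$STAMP"
```

Against a live directory, run `find_missing > dns.txt`, `make_pwdchanged_ldif "$STAMP" < dns.txt > add.ldif`, then `apply_ldif add.ldif`; afterwards a second `find_missing` should return nothing, and `ldapsearch ... pwdChangedTime` (operational attributes must be requested explicitly) shows the stamp.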