Cool :) thanks both of you for the feedback!


On Aug 18, 2016 2:12 PM, "Dieter Klünter" <dieter@dkluenter.de> wrote:
Am Thu, 18 Aug 2016 13:06:06 +0200
schrieb "PenguinWhispererThe ." <th3penguinwhisperer@gmail.com>:

> Thanks for that good pointer Dieter.
> Although it will force the user to change his password I'm not sure
> this will do the trick in our case. We have a custom passwd script
> that keeps both ldap and nis in sync. With the above I believe the
> Nis password won't be updated.
>
> So is there a way to actually update the pwdChangedTime? (Even out of
> pure curiosity)

man ldapmodify(1), read about relax extension.

-Dieter


> Thanks
>
> On Aug 17, 2016 11:38, "Dieter Klünter" <dieter@dkluenter.de> wrote:
>
> Am Wed, 17 Aug 2016 10:46:58 +0200
> schrieb "PenguinWhispererThe ." <th3penguinwhisperer@gmail.com>:
>
> > Hi all,
> >
> > I've noticed that after a password reset pwdChangedTime gets
> > updated.
> >
> > This is fine. We do have a policy in place that doesn't let you
> > modify your password again within a few days.
> >
> > I'd like to reset/change this pwdChangedTime so the user can reset
> > his password himself after logging in with the supplied password.
> > However deleting/modifying pwdChangedTime doesn't work.
> >
> > How should I resolve this?
> > I'm pretty sure this is not an ACL issue as my user matches the
> > first entry and is allowed to write all.
> >
> > I've seen some docs from IBM about removing pwdChangedTime being
> > possible but that might not apply to openldap.
> >
> man slapo-ppolicy(5), read carefully the comments on pwdReset.
>
> -Dieter
>
> --
> Dieter Klünter | Systemberatung
> http://sys4.de
> GPG Key ID: E9ED159B
> 53°37'09,95"N
> 10°08'02,42"E



--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E