On Fri, Oct 08, 2021 at 09:35:31AM -0400, Dave Macias wrote:
Hello,
Happy Friday!
I have a script that defaults the password to the user's username and then it sets the pwdChangedTime so far back that pwdMaxAge: 62208000 triggers.
In 2.5.7, before I change the pwdChangedTime, I MUST do a simple bind with dn/password before I can apply the new pwdChangedTime. I say in 2.5.7 because in 2.4.59 I don't see this behavior.
So my flow goes as follows:
ldappasswd <newpass>
ldapmodify <newPwdChangedTime> (pwdChangedTime: 20191008133434Z)
ssh with new <newpass>
Oct 8 09:17:06 localhost slapd[1380194]: conn=1199 op=2 BIND dn="uid=davetest,ou=People,dc=domain,dc=net" method=128
Oct 8 09:17:06 localhost slapd[1380194]: conn=1199 op=2 RESULT tag=97 err=49 qtime=0.000026 etime=0.000262 text=
Hi Dave, I'm not sure which is the operation that fails? Who are you binding as, if "uid=davetest,ou=People,dc=domain,dc=net", why should the user have write access to its own pwdChangedTime?
Flow I have to do so that bind works:
Again, not sure from the logs what that corresponds to (there is no MODify operation logged, etc.).
Also what are you actually trying to achieve? Is it to force the user to change their password? Shouldn't you just rely on the pwdReset attribute then?
Regards,
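
An added example, not part of the original thread: a small correlator that pairs each slapd request line with its RESULT by conn/op, which is what shows which operation on a connection actually failed (err=49 is LDAP invalidCredentials). Only the conn=1199 BIND/RESULT pair is taken from the log quoted above; the conn=1198 MOD lines are constructed for illustration.

```python
import re

# Constructed sample in the style of the slapd lines quoted in the thread.
# Only the conn=1199 BIND/RESULT pair comes from the thread; conn=1198 is made up.
SAMPLE_LOG = """\
Oct  8 09:17:05 localhost slapd[1380194]: conn=1198 op=1 MOD dn="uid=davetest,ou=People,dc=domain,dc=net"
Oct  8 09:17:05 localhost slapd[1380194]: conn=1198 op=1 MOD attr=pwdChangedTime
Oct  8 09:17:05 localhost slapd[1380194]: conn=1198 op=1 RESULT tag=103 err=0 qtime=0.000020 etime=0.000410 text=
Oct  8 09:17:06 localhost slapd[1380194]: conn=1199 op=2 BIND dn="uid=davetest,ou=People,dc=domain,dc=net" method=128
Oct  8 09:17:06 localhost slapd[1380194]: conn=1199 op=2 RESULT tag=97 err=49 qtime=0.000026 etime=0.000262 text=
"""

LINE = re.compile(r'conn=(\d+) op=(\d+) (\w+)(?: (.*))?$')
KV = re.compile(r'(\w+)=("[^"]*"|\S*)')

def correlate(log_text):
    """Return one record per (conn, op): request type, dn, attrs, result code."""
    ops = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an operation line (e.g. ACCEPT/closed)
        conn, op, verb, rest = int(m[1]), int(m[2]), m[3], m[4] or ""
        rec = ops.setdefault((conn, op),
                             {"type": None, "dn": None, "attrs": [], "err": None})
        if rest.startswith("attr="):
            # "MOD attr=a b c": space-separated list of modified attributes
            rec["attrs"] += rest[len("attr="):].split()
            continue
        fields = {k: v.strip('"') for k, v in KV.findall(rest)}
        if verb == "RESULT":
            rec["err"] = int(fields["err"])
        else:
            rec["type"] = rec["type"] or verb
            rec["dn"] = rec["dn"] or fields.get("dn")
    return ops

def failed(ops):
    """Operations that completed with a non-zero LDAP result code."""
    return {k: v for k, v in ops.items() if v["err"] not in (None, 0)}

if __name__ == "__main__":
    for (conn, op), rec in sorted(correlate(SAMPLE_LOG).items()):
        print(conn, op, rec["type"], rec["dn"], rec["attrs"], "err=%s" % rec["err"])
```
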