On 12/23/12 17:33 -0600, Kyle Harris wrote:
> Hello All,
> I have a perl script that allows for the creation of new accounts in OpenLDAP. I am attempting to find a way to force the newly created user to change his or her password upon first login. I tried setting the attribute pwdMustChange to TRUE but that attribute must not be definable upon user creation. So, how can this be accomplished so that a new user is forced to change passwords after they first log on?
By 'log in' I assume you're asking about shell access to your system, which makes use of an LDAP PAM module to authenticate users. If so, the function of prompting users to change their password will be handled by that piece of software, and you should consult the documentation distributed with it.
If that's not the case, please clarify your authentication scenario.