On 12/27/12 14:24 -0600, Kyle@TheHarrisHome.com wrote:
> Hi Dan,
> Thank you for your response. I am using CentOS 6.3, OpenLDAP 2.4 and sssd 1.8 as the pam module. Hope that helps as I still can't quite figure it out, and thank you again.
You should see if sssd contains the logic to make use of the ppolicy related attributes. If not, you should configure the appropriate shadowAccount attributes instead.
-----Original Message-----
From: Dan White [mailto:dwhite@olp.net]
Sent: Sunday, December 23, 2012 6:43 PM
To: Kyle Harris
Cc: openldap-technical@openldap.org
Subject: Re: How to force password change upon account creation
On 12/23/12 17:33 -0600, Kyle Harris wrote:
> Hello All,
> I have a perl script that allows for the creation of new accounts in OpenLDAP. I am attempting to find a way to force the newly created user to change his or her password upon first login. I tried setting the attribute pwdMustChange to TRUE but that attribute must not be definable upon user creation. So, how can this be accomplished so that a new user is forced to change passwords after they first log on?
By 'log in' I assume you're asking about shell access to your system, which makes use of an ldap pam module to authenticate users. If so, the function of prompting users to change their password will be handled by that piece of software, and you should consult the documentation distributed with it.
If that's not the case, please clarify your authentication scenario.
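The two options named in the thread (ppolicy attributes and shadowAccount attributes), sketched as an added example that is not part of the original messages or of any project's code. It assumes the ppolicy draft's split between pwdReset (set on the user entry) and pwdMustChange (set on the policy entry), and the shadow(5) meaning of a last-change value of 0; the function names and the sample DN are hypothetical, and whether the login is actually blocked still depends on the PAM client, as noted above.

```python
import base64

def ldif_line(attr, value):
    """Format one LDIF line, base64-encoding values that are not LDIF-safe."""
    raw = value.encode("utf-8")
    safe = (raw.isascii() and not any(c in raw for c in b"\0\r\n")
            and raw[:1] not in (b" ", b":", b"<") and not raw.endswith(b" "))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(raw).decode('ascii')}"

def force_change_ldif(user_dn, mechanism):
    """Return an ldapmodify record that flags user_dn for a password change."""
    if mechanism == "ppolicy":
        # pwdReset goes on the user entry; pwdMustChange belongs to the policy entry.
        attr, value = "pwdReset", "TRUE"
    elif mechanism == "shadow":
        # shadow(5): a last-change value of 0 means "change at next login".
        attr, value = "shadowLastChange", "0"
    else:
        raise ValueError(f"unknown mechanism: {mechanism}")
    return "\n".join([ldif_line("dn", user_dn), "changetype: modify",
                      f"replace: {attr}", f"{attr}: {value}", ""])

def forced_change_state(entry, policy=None):
    """Report which mechanisms flag an entry (dicts of attr -> list of values)."""
    e = {k.lower(): v for k, v in entry.items()}
    p = {k.lower(): v for k, v in (policy or {}).items()}
    states = []
    if e.get("pwdreset") == ["TRUE"]:
        # Assumption from the ppolicy draft: the flag is acted on only when
        # the governing policy entry carries pwdMustChange: TRUE.
        states.append("ppolicy" if p.get("pwdmustchange") == ["TRUE"]
                      else "ppolicy-flag-ignored")
    classes = [c.lower() for c in e.get("objectclass", [])]
    if e.get("shadowlastchange") == ["0"] and "shadowaccount" in classes:
        states.append("shadow")
    return states

if __name__ == "__main__":
    dn = "uid=newuser,ou=People,dc=example,dc=com"  # constructed sample DN
    print(force_change_ldif(dn, "ppolicy"))
    print(force_change_ldif(dn, "shadow"))
```

The records are meant to be applied with ldapmodify after the account-creation script has added the entry.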