I've used this to extend the password expiration. It "should" work for setting an expired password expiration. You have to hit enter twice after the krbPasswordExpiration: 20131008000000Z line.
# ldapmodify -x -D 'cn=Directory Manager' -W Enter LDAP Password: dn: uid=username,cn=users,cn=accounts,dc=example,dc=com changetype: modify replace: krbPasswordExpiration krbPasswordExpiration: 20131008000000Z modifying entry "uid=username,cn=users,cn=accounts,dc=example,dc=com" ctrl-d On Tue, 2013-10-08 at 11:51 -0500, [email protected] wrote: > Hi All, > > I created a script to add users to freeipa using ldapadd command and it > works great. Now I want to forcibly change the password in the first > user login. What attribute do I have to change to accomplish this? > > Thanks! > > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
