Re: [Freeipa-users] Force to change password in first login

Rob Crittenden Tue, 08 Oct 2013 10:55:07 -0700

Rodney L. Mercer wrote:

I've used grub-md5-crypt to create a password for an openldap server and
used this format:
# grub-md5-crypt
Password:
Retype password:
$1$mGzMO1$zF/c9QxKV.ZZXwlvyR8UO1


Here is the ldif that I used to modify the entry on the openldap server:

#cat usermod.ldif
dn: uid=username,cn=users,cn=accounts,dc=example,dc=com
changetype: modify
replace: userPassword
userPassword: {crypt}$1$mGzMO1$zF/c9QxKV.ZZXwlvyR8UO1


I'm not sure if this will work for the directory server that IPA uses?

Worth a shot I suppose.

crypt will work. Or you can pass it in the clear and it will encrypt itfor you using the default password scheme, SSHA1 IIRC.

rob


Rodney.



On Tue, 2013-10-08 at 12:28 -0500, [email protected] wrote:

Rodney,

Thanks!...I forgot it totally...

Let me ask you about modify the password using ldapmodify command, I
tried changing userPassword attribute with {MD5} encryption and it did
not work.

ldapmodify -x -H ldap://ipaserver -D "cn=directory manager" -w
'password' <<EOF
changetype: modify
replace: userPassword
userPassword: {MD5}QvdJref54ZW/R183pEyvyw==
EOF

Do I need to modify another attribute?...any clue?

Thanks in advance!



On 10/08/2013 12:07 PM, Rodney L. Mercer wrote:

I've used this to extend the password expiration. It "should" work for
setting an expired password expiration. You have to hit enter twice
after the krbPasswordExpiration: 20131008000000Z line.

# ldapmodify -x -D 'cn=Directory Manager' -W
  Enter LDAP Password:
  dn: uid=username,cn=users,cn=accounts,dc=example,dc=com
  changetype: modify
  replace: krbPasswordExpiration
  krbPasswordExpiration: 20131008000000Z


modifying entry
"uid=username,cn=users,cn=accounts,dc=example,dc=com"

ctrl-d



On Tue, 2013-10-08 at 11:51 -0500, [email protected] wrote:

Hi All,

I created a script to add users to freeipa using ldapadd command and it
works great. Now I want to forcibly change the password in the first
user login. What attribute do I have to change to accomplish this?

Thanks!

_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users


_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users


_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users

Re: [Freeipa-users] Force to change password in first login

Reply via email to