Matt . wrote:
> Hi,
>
> I'm already doing so without any luck. If you remember something,
> would be nice to know!
>
> So it should be possible to do still ?

If the DN of the entry adding the password is in passSyncManagersDNs in
the entry dn: cn=ipa_pwd_extop,cn=plugins,cn=config then the password
will not be marked as expired (password policy is not applied at all IIRC).

rob

>
> 2015-02-05 14:26 GMT+01:00 Dmitri Pal <[email protected]>:
>> On 02/05/2015 07:59 AM, Matt . wrote:
>>>
>>> Hi,
>>>
>>> OK, but as far as I understand we made some change, using a
>>> commandline command which I cannot remember or find, which goes around
>>> the password policy, or the attribute you talk about, when you add a
>>> user.
>>>
>>> Can I change that globally? As we did it seems... but we were testing
>>> so much back those days that it seems to be lost or so.
>>
>>
>> I do not remember the details from top of my head. You can probably try to
>> search the mail archives.
>>
>>>
>>>
>>> Thanks,
>>>
>>> Matt
>>>
>>> 2015-02-05 13:21 GMT+01:00 Dmitri Pal <[email protected]>:
>>>>
>>>> On 02/05/2015 05:54 AM, Matt . wrote:
>>>>>
>>>>> In the past we have done some test setups with password expiring after
>>>>> we added a user, at the moment I have difficulties with this on 4.1.2
>>>>>
>>>>> What I need is the following:
>>>>>
>>>>> - We add a user using json/kinit
>>>>> - The user is added in the right way
>>>>> - The user should be able to use his set password by the admin (at
>>>>> least
>>>>> ldap)
>>>>>
>>>>> At the moment the password is expired directly and I tried adding the
>>>>> user with min/max lifetime to 0/0 which didn't work out. Also 0/500
>>>>> doesn't seem to fix my issue.
>>>>>
>>>>> I thought we had to do a little bit more to accomplish this, but I'm
>>>>> not able to find this (anymore)
>>>>>
>>>>> Does someone have a clue how to fix this ? I'm quite sure this is
>>>>> possible.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Matt
>>>>>
>>>> It was always the feature of IPA to require password change on the first
>>>> login after it was created.
>>>> If you do not want it to be expired you need to change the expiration
>>>> attribute of the account not min max life.
>>>>
>>>> --
>>>> Thank you,
>>>> Dmitri Pal
>>>>
>>>> Sr. Engineering Manager IdM portfolio
>>>> Red Hat, Inc.
>>>>
>>>> --
>>>> Manage your subscription for the Freeipa-users mailing list:
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>> Go To http://freeipa.org for more info on the project
>>
>>
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager IdM portfolio
>> Red Hat, Inc.
>>
>
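Added example, not part of the thread and not FreeIPA project code: shell helpers that check whether a DN is already listed in passSyncManagersDNs on the entry named in the reply and that generate the LDIF change to add it. The account DN, the `cn=Directory Manager` bind DN and the sample search output are constructed assumptions; since the reply says policy is skipped for listed DNs, list only a dedicated provisioning account.

```shell
#!/bin/sh
# Added example. Entry and attribute names come from the reply above; the
# account DN, bind DN and sample search output are constructed assumptions.
PLUGIN_DN='cn=ipa_pwd_extop,cn=plugins,cn=config'

# Constructed ldapsearch output, with one value folded across two lines.
sample_ldif() {
    printf '%s\n' \
        "dn: $PLUGIN_DN" \
        'passSyncManagersDNs: uid=passsync,cn=sysaccounts,cn=etc,dc=exam' \
        ' ple,dc=test'
}

# Join LDIF continuation lines (a leading space continues the previous line).
ldif_unfold() {
    awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
         NR > 1 { print buf }
         { buf = $0 }
         END { if (NR) print buf }'
}

# Print each passSyncManagersDNs value from LDIF on stdin, lower-cased.
# Base64 values ("attr:: ...") are not decoded and are skipped.
passsync_list() {
    ldif_unfold | awk 'tolower($0) ~ /^passsyncmanagersdns: / {
        sub(/^[^:]*: */, ""); print tolower($0) }'
}

# Succeed if DN $1 is already listed (case-insensitive, exact spelling).
passsync_has() {
    passsync_list | grep -qxF -- "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')"
}

# Emit the LDIF change that adds DN $1 to the list.
passsync_add_ldif() {
    printf 'dn: %s\nchangetype: modify\nadd: passSyncManagersDNs\n' "$PLUGIN_DN"
    printf 'passSyncManagersDNs: %s\n' "$1"
}

# Live use (bind DN assumed):
#   ldapsearch -LLL -x -D 'cn=Directory Manager' -W -s base \
#       -b "$PLUGIN_DN" passSyncManagersDNs | passsync_has "$DN" ||
#   passsync_add_ldif "$DN" | ldapmodify -x -D 'cn=Directory Manager' -W
```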
