I'm quite sure you can without changing code, I need to find out where it's set again... it's doable.
2015-02-05 22:04 GMT+01:00 Rob Crittenden <[email protected]>: > Matt . wrote: >> OK this works out good, I can login without changing my password directly. >> >> But my expire is still on a day which should be set higer. >> >> min is on 0 everywhere, max is 90 days. >> >> How to accomplish that ? > > I can't think of a way without modifying code. > > Changing the password model has consequences. > > rob > >> >> >> >> 2015-02-05 17:13 GMT+01:00 Matt . <[email protected]>: >>> Yes, when receiving your email I found that indeed. My ldapEditor >>> doesn't allow me to add that value, so this need to be done using the >>> commandline ? >>> >>> >>> >>> 2015-02-05 15:03 GMT+01:00 Rob Crittenden <[email protected]>: >>>> Matt . wrote: >>>>> HI, >>>>> >>>>> I'm already doing so without any luck. If you remember something, >>>>> would be nice to know! >>>>> >>>>> So it should be possible to do still ? >>>> >>>> If the DN of the entry adding the password is in passSyncManagersDNs in >>>> the entry dn: cn=ipa_pwd_extop,cn=plugins,cn=config then the password >>>> will not be marked as expired (password policy is not applied at all IIRC). >>>> >>>> rob >>>> >>>>> >>>>> 2015-02-05 14:26 GMT+01:00 Dmitri Pal <[email protected]>: >>>>>> On 02/05/2015 07:59 AM, Matt . wrote: >>>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> OK, but as far as I understand we made some change, using a >>>>>>> commandline command which I cannot remember or find, which goes around >>>>>>> the password policy, or the attribute you talk about, when you add a >>>>>>> user. >>>>>>> >>>>>>> Can I change that globally? As we did it seems... but we were testing >>>>>>> so much back those days that it seems to be lost or so. >>>>>> >>>>>> >>>>>> I do not remember the detils from top of my head. You can probably try to >>>>>> search the mail archives. >>>>>> >>>>>>> >>>>>>> >>>>>>> Thanks, >>>>>>> >>>>>>> Matt >>>>>>> >>>>>>> 2015-02-05 13:21 GMT+01:00 Dmitri Pal <[email protected]>: >>>>>>>> >>>>>>>> On 02/05/2015 05:54 AM, Matt . wrote: >>>>>>>>> >>>>>>>>> In the past we have done some testsetups with password expiring after >>>>>>>>> we added a user, at the moment I have difficulties with this on 4.1.2 >>>>>>>>> >>>>>>>>> What I need is the following: >>>>>>>>> >>>>>>>>> - We add a user using json/kinit >>>>>>>>> - The user is added in the right way >>>>>>>>> - tThe user should be able to use his set password by the admin (at >>>>>>>>> least >>>>>>>>> ldap) >>>>>>>>> >>>>>>>>> At the moment the password is expired directly and I tried adding the >>>>>>>>> user with min/max lifetime to 0/0 which didn't work out. Als 0/500 >>>>>>>>> doesn't seem to fix my issue. >>>>>>>>> >>>>>>>>> I thought we had to do a little but more to accomplish this, but I'm >>>>>>>>> not able to find this (anymore) >>>>>>>>> >>>>>>>>> Does someone have a clue how to fix this ? I'm quite sure this is >>>>>>>>> possible. >>>>>>>>> >>>>>>>>> Thanks, >>>>>>>>> >>>>>>>>> Matt >>>>>>>>> >>>>>>>> It was always the feature of IPA to require password change on the >>>>>>>> first >>>>>>>> login after it was created. >>>>>>>> If you do not want it to be expired you need to change the expiration >>>>>>>> attribute of the account not min max life. >>>>>>>> >>>>>>>> -- >>>>>>>> Thank you, >>>>>>>> Dmitri Pal >>>>>>>> >>>>>>>> Sr. Engineering Manager IdM portfolio >>>>>>>> Red Hat, Inc. >>>>>>>> >>>>>>>> -- >>>>>>>> Manage your subscription for the Freeipa-users mailing list: >>>>>>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>>>>>>> Go To http://freeipa.org for more info on the project >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Thank you, >>>>>> Dmitri Pal >>>>>> >>>>>> Sr. Engineering Manager IdM portfolio >>>>>> Red Hat, Inc. >>>>>> >>>>> >>>> > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
